feat(serve): add remote browser control over TCP with token auth

Exposes a local browser over a TCP socket so remote machines can
  control it using the same CLI and Python API. Token auth (auto-generated
  via secrets.token_urlsafe) is on by default; --no-auth disables it.
  Profile routing via _route message field lets clients target specific
  browser instances on the remote host. BROWSER_CLI_PROFILE is forwarded
  automatically so --browser flag works transparently over remote.
  - browser-cli serve [--host] [--port] [--token] [--no-auth]
  - browser-cli --remote HOST:PORT --token TOKEN <command>
  - BrowserCLI(remote="host:port", token="...").tabs_list()

browser_cli/__init__.py

@@ -33,16 +33,22 @@ class BrowserCounts:
 
 
 class BrowserCLI:
-    def __init__(self, browser: str | None = None):
+    def __init__(self, browser: str | None = None, remote: str | None = None, token: str | None = None):
         """
         Args:
             browser: Profile alias to target. Required when multiple browser
                      instances are active. Equivalent to ``--browser`` on the CLI.
+            remote: Connect to a remote browser exposed via ``browser-cli serve``.
+                    Format: ``"host:port"`` (e.g. ``"192.168.1.10:8765"``).
+                    When set, ``browser`` is ignored.
+            token: Auth token for the remote serve instance.
         """
         self._browser = browser
+        self._remote = remote
+        self._token = token
 
     def _cmd(self, command: str, args: dict | None = None):
-        return send_command(command, args, profile=self._browser)
+        return send_command(command, args, profile=self._browser, remote=self._remote, token=self._token)
 
     def _multi_browser_targets(self):
         if self._browser is not None: