fix: handle Apple's new trustedPhoneNumbers location in auth response

Apple moved trustedPhoneNumbers from twoSV.phoneNumberVerification to
twoSV.bridgeInitiateData.phoneNumberVerification in their auth page
HTML (observed with iOS 26.4+). This caused get_trusted_phone_numbers()
to return an empty list, hiding the SMS 2FA option and leaving users
with no way to authenticate (since iOS 26 also removed the manual
"Get Verification Code" button from Settings).

The fix checks both locations, falling back to bridgeInitiateData
when the original path returns no results.

Fixes #1322

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: root

src/pyicloud_ipd/sms.py

@@ -65,12 +65,17 @@ def parse_trusted_phone_numbers_payload(content: str) -> Sequence[TrustedDevice]
     parser = _SMSParser()
     parser.feed(content)
     parser.close()
+    twoSV = parser.sms_data.get("direct", {}).get("twoSV", {})
+    # Apple moved trustedPhoneNumbers into bridgeInitiateData.phoneNumberVerification (2026+)
     numbers: Sequence[Mapping[str, Any]] = (
-        parser.sms_data.get("direct", {})
-        .get("twoSV", {})
-        .get("phoneNumberVerification", {})
-        .get("trustedPhoneNumbers", [])
+        twoSV.get("phoneNumberVerification", {}).get("trustedPhoneNumbers", [])
     )
+    if not numbers:
+        numbers = (
+            twoSV.get("bridgeInitiateData", {})
+            .get("phoneNumberVerification", {})
+            .get("trustedPhoneNumbers", [])
+        )
     return list(item for item in map(_map_to_trusted_device, numbers) if item is not None)