docs: add smoke script and auth-aware verification steps

docs/VERIFY.md

@@ -4,6 +4,8 @@
 
 ```bash
 cd no-reply-api
+# optional: enforce bearer token checks
+# export AUTH_TOKEN='replace-with-strong-token'
 npm start
 ```
 
@@ -16,6 +18,14 @@ curl -sS -X POST http://127.0.0.1:8787/v1/chat/completions \
   -d '{"model":"whispergate-no-reply-v1","messages":[{"role":"user","content":"hi"}]}'
 ```
 
+Or run bundled smoke check:
+
+```bash
+./scripts/smoke-no-reply-api.sh
+# with auth:
+# AUTH_TOKEN='replace-with-strong-token' ./scripts/smoke-no-reply-api.sh
+```
+
 Expected assistant text: `NO_REPLY`
 
 ## 3) Enable plugin