feat(middleware): add JWT auth module with bcryptjs login and protected routes
- src/api/middleware/auth.ts: signToken, verifyToken, authMiddleware (Bearer JWT, 24h expiry)
- src/api/routes/auth.ts: POST /api/auth/login (bcryptjs verify) and GET /api/auth/me (protected)
- src/index.ts: mount auth router at /api/auth
- tests/api/auth.test.ts: 7 tests covering login success, wrong password, no token, invalid token, valid access
- Using bcryptjs (pure JS) instead of bcrypt (requires Visual Studio on Windows)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>