feat: implement user authentication with login and register

- Add login screen with email/username support
- Add register screen with email validation
- Implement AuthStore with expo-secure-store (native) / localStorage (web)
- Add X-User-Id header authentication (simple auth without JWT)
- Rename displayName to userName across codebase
- Add findByUserName() to UserRepository
- Check for existing email AND username on registration
- Add AuthButton component with shadow effect
- Add logout button to Header
- Add hash-password.js utility script for manual password resets
- Update CORS to allow X-User-Id header

apps/client/src/services/ApiClient.ts

@@ -1,5 +1,6 @@
 import { Platform } from "react-native";
 import { apiLogger } from "../logging";
+import { useAuthStore } from "../stores";
 
 const API_BASE_URL =
   process.env.EXPO_PUBLIC_API_URL ||
@@ -13,6 +14,16 @@ type HttpMethod = "GET" | "POST" | "PUT" | "DELETE";
 interface RequestOptions {
   headers?: Record<string, string>;
   body?: unknown;
+  skipAuth?: boolean;
+}
+
+function getAuthHeaders(): Record<string, string> {
+  const user = useAuthStore.getState().user;
+  apiLogger.debug(`getAuthHeaders - user: ${JSON.stringify(user)}`);
+  if (user?.id) {
+    return { "X-User-Id": user.id };
+  }
+  return {};
 }
 
 async function request<T>(
@@ -24,10 +35,13 @@ async function request<T>(
   apiLogger.debug(`${method} ${endpoint}`);
 
   try {
+    const authHeaders = options?.skipAuth ? {} : getAuthHeaders();
+
     const response = await fetch(`${API_BASE_URL}${endpoint}`, {
       method,
       headers: {
         "Content-Type": "application/json",
+        ...authHeaders,
         ...options?.headers,
       },
       body: options?.body ? JSON.stringify(options.body) : undefined,