feat: add JWT authentication with register, login, refresh, and me endpoints

Adds bcrypt password hashing, JWT access/refresh token generation, requireAuth middleware, and /api/auth routes (POST /register, POST /login, POST /refresh, GET /me).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/server/package.json

@@ -10,13 +10,17 @@
   },
   "dependencies": {
     "@agent-fox/shared": "workspace:*",
-    "express": "^5.0.0",
+    "bcrypt": "^6.0.0",
     "cors": "^2.8.5",
+    "express": "^5.0.0",
+    "jsonwebtoken": "^9.0.3",
     "zod": "^3.24.0"
   },
   "devDependencies": {
-    "@types/express": "^5.0.0",
+    "@types/bcrypt": "^6.0.0",
     "@types/cors": "^2.8.17",
+    "@types/express": "^5.0.0",
+    "@types/jsonwebtoken": "^9.0.10",
     "tsx": "^4.19.0",
     "typescript": "^5.7.0"
   }