feat(auth): refactor auth controller with security improvements

[zaibamachhaliya]

Fixes: #304

Changes

Security

• Added rate limiting for OTP requests (max 3 per 5 minutes)
• Added login lockout after 5 failed attempts (15 min lockout)
• Removed plain text password storage from pendingSignups
• Added proper password hashing before storing

New Features

• Added logout endpoint with token cleanup
• Added change password endpoint with current password verification

Validation

• Added OTP format validation (must be 6 digits)
• Added email verification check before password reset

Code Structure

• Moved OTP expiry to environment variable (OTP_EXPIRY_MINUTES)
• Added proper error handling for all database operations
• Added session cleanup for failed verifications

Database

• Added email_verified column tracking
• Added last_login timestamp tracking

[vercel]

@zaibamachhaliya is attempting to deploy a commit to the Bhuvansh's projects Team on Vercel.

A member of the Team first needs to authorize it.

[zaibamachhaliya]

I've resolved the conflicts. Please review again.