fix(auth): verify SIWE message nonce matches stored challenge nonce 🐛 #15

@Klazomenai

Problem

Both handle_verify and handle_auth_token in src/lib.rs consume the pending nonce by address lookup but never verify that the signed SIWE message actually contains the expected nonce value.

The nonce is embedded in the challenge response and signed by the client, so forgery requires a valid signature over a different message — the risk is low. However, explicitly comparing the nonce from the parsed SIWE message against the stored value would provide defense-in-depth.

Current behaviour

let mut nonces = state.pending_nonces.write().await;
let addr_key = format!("{:?}", address).to_lowercase();
if nonces.remove(&addr_key).is_none() { ... }

Checks that a nonce exists for the address, but not that it matches the nonce inside the signed message.

Fix

After verify_signature recovers the address, parse the SIWE message and compare its nonce field against the stored value before consuming it.

Scope

Affects both /auth/verify and /auth/token — fix both in a single PR.
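
The check described under Fix, as an added std-only sketch that is not code from this repository. It assumes the pending store maps the lowercased address key to the issued nonce string; `siwe_nonce`, `consume_nonce`, `NonceError` and `sample_message` are hypothetical names, and the hand-rolled field extraction stands in for a full EIP-4361 parser.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum NonceError { NoPendingChallenge, MissingNonce, Mismatch }

/// Pull the `Nonce:` field out of an EIP-4361 message. The first four lines
/// (header, address, blank, statement-or-blank) are skipped so a statement
/// reading "Nonce: ..." cannot shadow the real field.
pub fn siwe_nonce(message: &str) -> Option<&str> {
    message.lines().skip(4)
        .find_map(|l| l.strip_prefix("Nonce: "))
        // EIP-4361: a nonce is at least 8 alphanumeric characters.
        .filter(|n| n.len() >= 8 && n.chars().all(|c| c.is_ascii_alphanumeric()))
}

/// Call only after the signature has been verified for `addr_key`.
/// The pending entry is removed only when the signed nonce matches it.
pub fn consume_nonce(pending: &mut HashMap<String, String>, addr_key: &str,
                     message: &str) -> Result<(), NonceError> {
    let stored = pending.get(addr_key).ok_or(NonceError::NoPendingChallenge)?;
    let signed = siwe_nonce(message).ok_or(NonceError::MissingNonce)?;
    if signed != stored.as_str() {
        return Err(NonceError::Mismatch);
    }
    pending.remove(addr_key);
    Ok(())
}

/// Constructed sample message; domain, address and nonces are made up.
pub fn sample_message(statement: &str, nonce: &str) -> String {
    format!("example.test wants you to sign in with your Ethereum account:\n\
             0x0000000000000000000000000000000000000001\n\n{}\n\n\
             URI: https://example.test\nVersion: 1\nChain ID: 1\n\
             Nonce: {}\nIssued At: 2024-01-01T00:00:00Z", statement, nonce)
}

fn main() {
    let key = "0x0000000000000000000000000000000000000001";
    let mut pending = HashMap::from([(key.to_string(), "k3Jq9ZxP2a".to_string())]);
    // Message whose nonce differs from the one issued for this address.
    let stale = sample_message("Sign in", "oldNonce1234");
    println!("{:?}", consume_nonce(&mut pending, key, &stale));
    // Matching nonce, with a statement that imitates a Nonce field.
    let fresh = sample_message("Nonce: AAAAAAAA", "k3Jq9ZxP2a");
    println!("{:?}", consume_nonce(&mut pending, key, &fresh));
    println!("{:?}", consume_nonce(&mut pending, key, &fresh));
}
```

Leaving the entry in place on a mismatch is a design choice in this sketch; a handler could instead discard the challenge on any failed attempt.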
