feat(auth): implement hybrid session model with HTTP-only cookies

Add HTTP-only cookie session support to backend for SSR compatibility
Update frontend fetch calls to include credentials
Maintain legacy bearer token support for SPA transition

frontend/middleware/auth.global.ts

@@ -1,4 +1,4 @@
-import { api, getAuthToken, setAuthToken } from '../src/services/api';
+import { api, setAuthToken } from '../src/services/api';
 
 export default defineNuxtRouteMiddleware(async (to) => {
   const requiredPermissions = to.matched
@@ -16,10 +16,6 @@ export default defineNuxtRouteMiddleware(async (to) => {
     return;
   }
 
-  if (!getAuthToken()) {
-    return navigateTo({ path: '/login', query: { redirect: to.fullPath } });
-  }
-
   try {
     const response = await api.me();
     if (requiresVerified && !response.user.emailVerified) {