Add multi-user auth system and admin panel

- User model with email/hashed_password/is_admin/notification_prefs
- JWT auth: POST /api/auth/register, /login, /me
- First registered user auto-promoted to admin
- Migration 0005: users table + user_id FK on follows (clears global follows)
- Follows, dashboard, settings, admin endpoints all require authentication
- Admin endpoints (settings writes, celery triggers) require is_admin
- Frontend: login/register pages, Zustand auth store (localStorage persist)
- AuthGuard component gates all app routes, shows app shell only when authed
- Sidebar shows user email + logout; Admin nav link visible to admins only
- Admin panel (/settings): user list with delete + promote/demote, LLM config,
  data source settings, and manual celery controls

Authored-By: Jack Levy

.env.example

@@ -4,6 +4,10 @@ LOCAL_URL=http://localhost
 # Public-facing URL when accessed via your reverse proxy (leave blank if none)
 PUBLIC_URL=
 
+# ─── Auth ──────────────────────────────────────────────────────────────────────
+# Generate a strong random secret: python -c "import secrets; print(secrets.token_hex(32))"
+JWT_SECRET_KEY=
+
 # ─── PostgreSQL ───────────────────────────────────────────────────────────────
 POSTGRES_USER=congress
 POSTGRES_PASSWORD=congress