Add multi-user auth system and admin panel

- User model with email/hashed_password/is_admin/notification_prefs
- JWT auth: POST /api/auth/register, /login, /me
- First registered user auto-promoted to admin
- Migration 0005: users table + user_id FK on follows (clears global follows)
- Follows, dashboard, settings, admin endpoints all require authentication
- Admin endpoints (settings writes, celery triggers) require is_admin
- Frontend: login/register pages, Zustand auth store (localStorage persist)
- AuthGuard component gates all app routes, shows app shell only when authed
- Sidebar shows user email + logout; Admin nav link visible to admins only
- Admin panel (/settings): user list with delete + promote/demote, LLM config,
  data source settings, and manual celery controls

Authored-By: Jack Levy

backend/app/schemas/schemas.py

@@ -123,6 +123,7 @@ class FollowCreate(BaseModel):
 
 class FollowSchema(BaseModel):
     id: int
+    user_id: int
     follow_type: str
     follow_value: str
     created_at: datetime
@@ -130,6 +131,31 @@ class FollowSchema(BaseModel):
     model_config = {"from_attributes": True}
 
 
+# ── Settings ──────────────────────────────────────────────────────────────────
+
+# ── Auth ──────────────────────────────────────────────────────────────────────
+
+class UserCreate(BaseModel):
+    email: str
+    password: str
+
+
+class UserResponse(BaseModel):
+    id: int
+    email: str
+    is_admin: bool
+    notification_prefs: dict
+    created_at: Optional[datetime] = None
+
+    model_config = {"from_attributes": True}
+
+
+class TokenResponse(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+    user: "UserResponse"
+
+
 # ── Settings ──────────────────────────────────────────────────────────────────
 
 class SettingUpdate(BaseModel):