Add user auth with JWT, switch to bun test

- User table with company_id FK, unique email, role enum
- Register/login routes with bcrypt + JWT token generation
- Auth plugin with authenticate decorator and role guards
- Login uses globally unique email (no company header needed)
- Dev-auth plugin kept as fallback when JWT_SECRET not set
- Switched from vitest to bun:test (vitest had ESM resolution
  issues with zod in Bun's module structure)
- Upgraded to zod 4
- Added Dockerfile.dev and API service to docker-compose
- 8 tests passing (health + auth)

packages/backend/package.json

@@ -6,8 +6,8 @@
   "scripts": {
     "dev": "bun --watch run src/main.ts",
     "start": "bun run src/main.ts",
-    "test": "vitest run",
-    "test:watch": "vitest",
+    "test": "bun test",
+    "test:watch": "bun test --watch",
     "lint": "eslint src/",
     "db:generate": "bunx drizzle-kit generate",
     "db:migrate": "bunx drizzle-kit migrate",
@@ -21,13 +21,15 @@
     "drizzle-orm": "^0.38",
     "postgres": "^3",
     "ioredis": "^5",
-    "zod": "^3"
+    "zod": "^4",
+    "@fastify/jwt": "^9",
+    "bcrypt": "^6"
   },
   "devDependencies": {
     "typescript": "^5",
     "drizzle-kit": "^0.30",
     "pino-pretty": "^13",
-    "vitest": "^3",
-    "@types/node": "^22"
+    "@types/node": "^22",
+    "@types/bcrypt": "^5"
   }
 }