The signIn with redirect:false + router.push wasn't working
properly. Switched to callbackUrl approach where the server
handles the 302 redirect and cookie setting natively.

- Login page with email/password
- Auth middleware (proxy) protecting all routes
- Seed endpoint for admin user creation (admin@optiquestock.com / admin123)
- Session provider wrapping root layout
- User info + logout button in header
- Updated POS sales route to track authenticated user