feat: add email verification, password reset, and WSDC integration (Phase 1.5)

Backend features:
- AWS SES email service with HTML templates
- Email verification with dual method (link + 6-digit PIN code)
- Password reset workflow with secure tokens
- WSDC API proxy for dancer lookup and auto-fill registration
- Extended User model with verification and WSDC fields
- Email verification middleware for protected routes

Frontend features:
- Two-step registration with WSDC ID lookup
- Password strength indicator component
- Email verification page with code input
- Password reset flow (request + reset pages)
- Verification banner for unverified users
- Updated authentication context and API service

Testing:
- 65 unit tests with 100% coverage of new features
- Tests for auth utils, email service, WSDC controller, and middleware
- Integration tests for full authentication flows
- Comprehensive mocking of AWS SES and external APIs

Database:
- Migration: add WSDC fields (firstName, lastName, wsdcId)
- Migration: add email verification fields (token, code, expiry)
- Migration: add password reset fields (token, expiry)

Documentation:
- Complete Phase 1.5 documentation
- Test suite documentation and best practices
- Updated session context with new features

frontend/src/services/api.js

@@ -49,10 +49,10 @@ async function fetchAPI(endpoint, options = {}) {
 
 // Auth API
 export const authAPI = {
-  async register(username, email, password) {
+  async register(username, email, password, firstName = null, lastName = null, wsdcId = null) {
     const data = await fetchAPI('/auth/register', {
       method: 'POST',
-      body: JSON.stringify({ username, email, password }),
+      body: JSON.stringify({ username, email, password, firstName, lastName, wsdcId }),
     });
 
     // Save token
@@ -82,12 +82,57 @@ export const authAPI = {
     return data.data;
   },
 
+  async verifyEmailByToken(token) {
+    const data = await fetchAPI(`/auth/verify-email?token=${token}`);
+    return data;
+  },
+
+  async verifyEmailByCode(email, code) {
+    const data = await fetchAPI('/auth/verify-code', {
+      method: 'POST',
+      body: JSON.stringify({ email, code }),
+    });
+    return data;
+  },
+
+  async resendVerification(email) {
+    const data = await fetchAPI('/auth/resend-verification', {
+      method: 'POST',
+      body: JSON.stringify({ email }),
+    });
+    return data;
+  },
+
+  async requestPasswordReset(email) {
+    const data = await fetchAPI('/auth/request-password-reset', {
+      method: 'POST',
+      body: JSON.stringify({ email }),
+    });
+    return data;
+  },
+
+  async resetPassword(token, newPassword) {
+    const data = await fetchAPI('/auth/reset-password', {
+      method: 'POST',
+      body: JSON.stringify({ token, newPassword }),
+    });
+    return data;
+  },
+
   logout() {
     localStorage.removeItem('token');
     localStorage.removeItem('user');
   },
 };
 
+// WSDC API (Phase 1.5)
+export const wsdcAPI = {
+  async lookupDancer(wsdcId) {
+    const data = await fetchAPI(`/wsdc/lookup?id=${wsdcId}`);
+    return data;
+  },
+};
+
 // Events API
 export const eventsAPI = {
   async getAll() {