Add auth system with invite-only registration and admin roles

JWT-based auth (hono/jwt + bcrypt), anonymous-first flow preserved.
Registration requires invite code when REQUIRE_INVITE=true. Admin
user seeded on startup (admin/admin, forced password reset). Login
accepts email or username. Admin invitations management page in
sidebar. Regular users get invite-a-friend button when USER_INVITATIONS > 0.
Frontend gate screen blocks game access for unregistered users with
invite code entry, registration, login, and password reset flows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker-compose.yml

@@ -15,6 +15,9 @@ services:
       - DATABASE_URL=postgresql://aitycoon:aitycoon@db:5432/aitycoon
       - PORT=3001
       - CORS_ORIGIN=*
+      - JWT_SECRET=change-me-to-a-random-secret
+      - REQUIRE_INVITE=true
+      - USER_INVITATIONS=0
     depends_on:
       db:
         condition: service_healthy