refactor: 统一认证端点并删除冗余 profile 模块

- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend
- 整合密码重置到 /verify 端点 (type=recovery)
- 移除未使用的 /auth/users 端点
- 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls)
- 限流改用 Redis + IP 标识，替代内存锁
- 删除 v1/profile 死代码模块
- 更新前端 auth_api 适配新端点
- 添加 supabase site_url 和 additional_redirect_urls 配置

apps/lib/features/auth/data/auth_api.dart

@@ -21,14 +21,17 @@ class AuthApi {
 
   Future<AuthResponse> verifyVerification(SignupVerifyRequest request) async {
     final response = await _client.post(
-      '$_prefix/verifications/verify',
-      data: request.toJson(),
+      '$_prefix/verify',
+      data: {'type': 'signup', ...request.toJson()},
     );
     return AuthResponse.fromJson(response.data);
   }
 
   Future<void> resendVerification(SignupResendRequest request) async {
-    await _client.post('$_prefix/verifications/resend', data: request.toJson());
+    await _client.post(
+      '$_prefix/resend',
+      data: {'type': 'signup', ...request.toJson()},
+    );
   }
 
   Future<AuthResponse> createSession(LoginRequest request) async {
@@ -52,7 +55,10 @@ class AuthApi {
   }
 
   Future<void> requestPasswordReset(String email) async {
-    await _client.post('$_prefix/password-reset', data: {'email': email});
+    await _client.post(
+      '$_prefix/resend',
+      data: {'type': 'recovery', 'email': email},
+    );
   }
 
   Future<void> confirmPasswordReset({
@@ -61,8 +67,13 @@ class AuthApi {
     required String newPassword,
   }) async {
     await _client.post(
-      '$_prefix/password-reset/confirm',
-      data: {'email': email, 'token': token, 'new_password': newPassword},
+      '$_prefix/verify',
+      data: {
+        'type': 'recovery',
+        'email': email,
+        'token': token,
+        'new_password': newPassword,
+      },
     );
   }
 }