refactor: 统一认证端点并删除冗余 profile 模块

- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend
- 整合密码重置到 /verify 端点 (type=recovery)
- 移除未使用的 /auth/users 端点
- 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls)
- 限流改用 Redis + IP 标识，替代内存锁
- 删除 v1/profile 死代码模块
- 更新前端 auth_api 适配新端点
- 添加 supabase site_url 和 additional_redirect_urls 配置

backend/src/core/config/settings.py

@@ -119,10 +119,23 @@ class SupabaseSettings(BaseModel):
     public_scheme: str = "http"
     public_host: str = "localhost"
     kong_http_port: int = 8000
+    site_url: str = "http://localhost:3000"
+    additional_redirect_urls: list[str] = Field(default_factory=list)
     anon_key: str = "CHANGE_ME"
     service_role_key: str = "CHANGE_ME"
     jwt_secret: str | None = None
 
+    @field_validator("additional_redirect_urls", mode="before")
+    @classmethod
+    def normalize_redirect_urls(cls, value: object) -> list[str]:
+        if value is None:
+            return []
+        if isinstance(value, str):
+            return [item.strip() for item in value.split(",") if item.strip()]
+        if isinstance(value, list):
+            return [str(item).strip() for item in value if str(item).strip()]
+        return []
+
     @computed_field
     @property
     def public_url(self) -> str: