refactor: 统一认证端点并删除冗余 profile 模块

- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend
- 整合密码重置到 /verify 端点 (type=recovery)
- 移除未使用的 /auth/users 端点
- 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls)
- 限流改用 Redis + IP 标识，替代内存锁
- 删除 v1/profile 死代码模块
- 更新前端 auth_api 适配新端点
- 添加 supabase site_url 和 additional_redirect_urls 配置

backend/tests/unit/test_settings_supabase_env.py

@@ -14,6 +14,11 @@ def test_social_prefixed_supabase_env_populates_settings(
     monkeypatch.setenv("SOCIAL_SUPABASE__ANON_KEY", "anon-key")
     monkeypatch.setenv("SOCIAL_SUPABASE__SERVICE_ROLE_KEY", "service-key")
     monkeypatch.setenv("SOCIAL_SUPABASE__JWT_SECRET", "jwt-secret")
+    monkeypatch.setenv("SOCIAL_SUPABASE__SITE_URL", "https://app.example.com")
+    monkeypatch.setenv(
+        "SOCIAL_SUPABASE__ADDITIONAL_REDIRECT_URLS",
+        '["https://a.example.com", "https://b.example.com/path"]',
+    )
     monkeypatch.setenv("SOCIAL_DATABASE__HOST", "db")
     monkeypatch.setenv("SOCIAL_DATABASE__PORT", "5432")
     monkeypatch.setenv("SOCIAL_DATABASE__NAME", "app")
@@ -26,10 +31,16 @@ def test_social_prefixed_supabase_env_populates_settings(
     assert settings.supabase.anon_key == "anon-key"
     assert settings.supabase.service_role_key == "service-key"
     assert settings.supabase.jwt_secret == "jwt-secret"
+    assert settings.supabase.site_url == "https://app.example.com"
+    assert settings.supabase.additional_redirect_urls == [
+        "https://a.example.com",
+        "https://b.example.com/path",
+    ]
 
     supabase_settings = settings.model_dump()["supabase"]
     assert supabase_settings["public_url"] == "https://public.example:8443"
     assert supabase_settings["anon_key"] == "anon-key"
     assert supabase_settings["service_role_key"] == "service-key"
     assert supabase_settings["jwt_secret"] == "jwt-secret"
+    assert supabase_settings["site_url"] == "https://app.example.com"
     assert settings.database_url == "postgresql+asyncpg://user:pass@db:5432/app"