feat(#4): Implement Authentik OIDC authentication with BetterAuth

- Integrated BetterAuth library for modern authentication
- Added Session, Account, and Verification database tables
- Created complete auth module with service, controller, guards, and decorators
- Implemented shared authentication types in @mosaic/shared package
- Added comprehensive test coverage (26 tests passing)
- Documented type sharing strategy for monorepo
- Updated environment configuration with OIDC and JWT settings

Key architectural decisions:
- BetterAuth over Passport.js for better TypeScript support
- Separation of User (DB entity) vs AuthUser (client-safe subset)
- Shared types package to prevent FE/BE drift
- Factory pattern for auth config to use shared Prisma instance

Ready for frontend integration (Issue #6).

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Fixes #4

apps/api/vitest.config.ts

@@ -13,6 +13,11 @@ export default defineConfig({
       exclude: ["node_modules/", "dist/"],
     },
     setupFiles: ["./vitest.setup.ts"],
+    server: {
+      deps: {
+        inline: ["@nestjs/common", "@nestjs/core"],
+      },
+    },
   },
   resolve: {
     alias: {