feat(auth): Implementiere vollständiges Auth-System

- JWT Access + Refresh Tokens mit djwt
- Argon2 Password Hashing (OWASP konfig)
- Rate Limiting für Auth-Endpoints
- Rollen-basierte Zugriffskontrolle (owner, admin, manager, user)
- DSGVO Audit Logging
- Email-Verifizierung (Struktur)
- Passwort-Reset Flow
- Multi-Device Logout

Neue Dateien:
- src/types/index.ts - TypeScript Interfaces
- src/db/connection.ts - PostgreSQL Pool
- src/services/password.ts - Argon2 Hashing
- src/services/jwt.ts - Token Generation
- src/services/audit.ts - DSGVO Audit Log
- src/middleware/auth.ts - Auth Middleware
- src/repositories/user.ts - User DB Queries
- src/repositories/organization.ts - Org DB Queries
- src/utils/response.ts - API Response Helpers

Task: #8 Authentifizierung & Benutzerverwaltung

.env.example

@@ -1,19 +1,27 @@
+# ============================================
+# PULSE CRM BACKEND - Environment Variables
+# ============================================
+
 # Server
 PORT=8000
 NODE_ENV=development
 
 # Database (PostgreSQL)
-DATABASE_URL=postgres://user:password@localhost:5432/pulse_crm
+DATABASE_URL=postgresql://pulse:password@localhost:5432/pulse_crm
+DB_POOL_SIZE=10
 
-# JWT
-JWT_SECRET=your-super-secret-jwt-key-min-32-chars
-JWT_ACCESS_EXPIRES=15m
-JWT_REFRESH_EXPIRES=7d
+# JWT Secrets (use `openssl rand -base64 32` to generate)
+JWT_SECRET=CHANGE_ME_IN_PRODUCTION_use_openssl_rand_base64_32
 
-# Email (Resend)
-RESEND_API_KEY=re_xxxxxxxxxxxxx
-EMAIL_FROM=noreply@pulse-crm.de
+# CORS
+CORS_ORIGINS=http://localhost:3000,https://crm.kronos-soulution.de
 
-# App
-APP_URL=https://crm.kronos-soulution.de
-API_URL=https://api.crm.kronos-soulution.de
+# Email (for verification, password reset)
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=noreply@example.com
+SMTP_PASS=your-smtp-password
+SMTP_FROM=Pulse CRM <noreply@example.com>
+
+# Frontend URL (for email links)
+FRONTEND_URL=https://crm.kronos-soulution.de