feat(auth): Implementiere vollständiges Auth-System

- JWT Access + Refresh Tokens mit djwt
- Argon2 Password Hashing (OWASP konfig)
- Rate Limiting für Auth-Endpoints
- Rollen-basierte Zugriffskontrolle (owner, admin, manager, user)
- DSGVO Audit Logging
- Email-Verifizierung (Struktur)
- Passwort-Reset Flow
- Multi-Device Logout

Neue Dateien:
- src/types/index.ts - TypeScript Interfaces
- src/db/connection.ts - PostgreSQL Pool
- src/services/password.ts - Argon2 Hashing
- src/services/jwt.ts - Token Generation
- src/services/audit.ts - DSGVO Audit Log
- src/middleware/auth.ts - Auth Middleware
- src/repositories/user.ts - User DB Queries
- src/repositories/organization.ts - Org DB Queries
- src/utils/response.ts - API Response Helpers

Task: #8 Authentifizierung & Benutzerverwaltung

src/types/index.ts

@@ -0,0 +1,157 @@
+// ============================================
+// USER TYPES
+// ============================================
+
+export type UserRole = "owner" | "admin" | "manager" | "user";
+
+export interface User {
+  id: string;
+  org_id: string;
+  email: string;
+  password_hash: string;
+  first_name: string;
+  last_name: string;
+  role: UserRole;
+  is_verified: boolean;
+  is_active: boolean;
+  verification_token?: string | null;
+  reset_token?: string | null;
+  reset_token_expires?: Date | null;
+  two_factor_secret?: string | null;
+  two_factor_enabled: boolean;
+  last_login_at?: Date | null;
+  created_at: Date;
+  updated_at: Date;
+  deleted_at?: Date | null;
+}
+
+export interface UserPublic {
+  id: string;
+  email: string;
+  firstName: string;
+  lastName: string;
+  role: UserRole;
+  isVerified: boolean;
+  orgId: string;
+  twoFactorEnabled: boolean;
+  createdAt: string;
+}
+
+// ============================================
+// ORGANIZATION TYPES
+// ============================================
+
+export type PlanType = "free" | "starter" | "pro" | "enterprise";
+
+export interface Organization {
+  id: string;
+  name: string;
+  slug: string;
+  plan: PlanType;
+  max_users: number;
+  settings: Record<string, unknown>;
+  created_at: Date;
+  updated_at: Date;
+  deleted_at?: Date | null;
+}
+
+export interface OrganizationPublic {
+  id: string;
+  name: string;
+  slug: string;
+  plan: PlanType;
+}
+
+// ============================================
+// AUTH TYPES
+// ============================================
+
+export interface TokenPayload {
+  sub: string; // user_id
+  email: string;
+  role: UserRole;
+  orgId: string;
+  type: "access" | "refresh";
+}
+
+export interface Tokens {
+  accessToken: string;
+  refreshToken: string;
+  expiresIn: number;
+}
+
+export interface RefreshTokenRecord {
+  id: string;
+  user_id: string;
+  token_hash: string;
+  expires_at: Date;
+  revoked: boolean;
+  created_at: Date;
+  revoked_at?: Date | null;
+}
+
+// ============================================
+// REQUEST / RESPONSE TYPES
+// ============================================
+
+export interface RegisterRequest {
+  email: string;
+  password: string;
+  firstName: string;
+  lastName: string;
+  orgName: string;
+}
+
+export interface LoginRequest {
+  email: string;
+  password: string;
+  twoFactorCode?: string;
+}
+
+export interface AuthResponse {
+  success: boolean;
+  data: {
+    user: UserPublic;
+    organization: OrganizationPublic;
+    tokens: Tokens;
+  };
+}
+
+// ============================================
+// AUDIT LOG TYPES
+// ============================================
+
+export type AuditAction = 
+  | "user.login"
+  | "user.logout"
+  | "user.register"
+  | "user.password_reset"
+  | "user.password_change"
+  | "user.verify_email"
+  | "user.enable_2fa"
+  | "user.disable_2fa"
+  | "data.export"
+  | "data.delete";
+
+export interface AuditLog {
+  id: string;
+  org_id: string;
+  user_id: string;
+  action: AuditAction;
+  entity_type?: string;
+  entity_id?: string;
+  old_data?: Record<string, unknown>;
+  new_data?: Record<string, unknown>;
+  ip_address?: string;
+  user_agent?: string;
+  created_at: Date;
+}
+
+// ============================================
+// CONTEXT TYPES (for Oak middleware)
+// ============================================
+
+export interface AuthState {
+  user: UserPublic;
+  orgId: string;
+}