fix(auth): revert to Better-Auth session-cookie auth, preserve email-in feature

- Revert auth/dependencies.py, auth/routes.py, services/auth.py, schemas.py
  to Better-Auth session-cookie auth (removed JWT register/login/refresh)
- Preserve GET /auth/me/email-in-address endpoint
- Fix UUIDString TypeDecorator: process_result_value returns uuid.UUID
  (not str) so SQLAlchemy 2.0 sentinel tracking matches UUID-to-UUID
- Fix seed_data fixture: look up real user_id from session token via
  sessions table; purchases now reference actual user FK
- Update purchase_data fixture to use session-cookie auth
- Update test_auth_endpoints, test_auth_validation to cookie-based tests
- Remove TestRegistrationErrors and TestLoginErrors (no longer applicable)
- Update test_openapi.py expected routes and count
- Update test_error_handler.py to use PATCH /auth/me validation

Co-Authored-By: Paperclip <noreply@paperclip.ing>

tests/test_e2e/test_error_responses.py

@@ -5,74 +5,6 @@ import pytest
 from tests.test_e2e.conftest import BAD_UUID, ZERO_UUID
 
 
-@pytest.mark.asyncio
-class TestRegistrationErrors:
-    """Validation errors during user registration."""
-
-    async def test_short_password(self, client, db_engine):
-        resp = await client.post(
-            "/auth/register",
-            json={"email": "short@example.com", "password": "short", "display_name": "Test"},
-        )
-        assert resp.status_code == 422
-
-    async def test_invalid_email(self, client, db_engine):
-        resp = await client.post(
-            "/auth/register",
-            json={"email": "not-an-email", "password": "securepass123", "display_name": "Test"},
-        )
-        assert resp.status_code == 422
-
-    async def test_missing_fields(self, client, db_engine):
-        resp = await client.post("/auth/register", json={})
-        assert resp.status_code == 422
-
-    async def test_empty_display_name(self, client, db_engine):
-        resp = await client.post(
-            "/auth/register",
-            json={"email": "empty@example.com", "password": "securepass123", "display_name": ""},
-        )
-        assert resp.status_code == 422
-
-    async def test_duplicate_email(self, client, db_engine):
-        payload = {
-            "email": "dupe@example.com",
-            "password": "securepass123",
-            "display_name": "First",
-        }
-        first = await client.post("/auth/register", json=payload)
-        assert first.status_code == 201
-        second = await client.post("/auth/register", json=payload)
-        assert second.status_code == 409
-
-
-@pytest.mark.asyncio
-class TestLoginErrors:
-    """Login failure modes."""
-
-    async def test_wrong_password(self, client, db_engine):
-        await client.post(
-            "/auth/register",
-            json={
-                "email": "login-err@example.com",
-                "password": "correctpass1",
-                "display_name": "Login",
-            },
-        )
-        resp = await client.post(
-            "/auth/login",
-            json={"email": "login-err@example.com", "password": "wrongpass123"},
-        )
-        assert resp.status_code == 401
-
-    async def test_nonexistent_user(self, client, db_engine):
-        resp = await client.post(
-            "/auth/login",
-            json={"email": "nobody@example.com", "password": "doesntmatter"},
-        )
-        assert resp.status_code == 401
-
-
 @pytest.mark.asyncio
 class TestNotFoundErrors:
     """404 responses for missing resources."""