fix(GRO-563): stabilize OAuth login - upgrade better-auth, fix service worker, add 503 handling

- apps/web: upgrade better-auth from ^1.0.0 to ^1.5.6 (matches API)
- apps/web/vite.config.ts: exclude /api/auth/* from service worker caching
- apps/api/index.ts: return 503 when auth not configured
- apps/api/middleware/auth.ts: return 503 when auth not initialized

Co-Authored-By: Paperclip <noreply@paperclip.ing>

apps/web/package.json

@@ -15,7 +15,7 @@
   "dependencies": {
     "@groombook/types": "workspace:*",
     "@tailwindcss/vite": "^4.2.2",
-    "better-auth": "^1.0.0",
+    "better-auth": "^1.5.6",
     "lucide-react": "^0.577.0",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",

apps/web/vite.config.ts

@@ -41,11 +41,11 @@ export default defineConfig({
       workbox: {
         globPatterns: ["**/*.{js,css,html,ico,png,svg,woff2}"],
         navigateFallbackDenylist: [
-          /^\/api\/auth\/oauth2\/callback\//,
+          /^\/api\/auth\//,
         ],
         runtimeCaching: [
           {
-            urlPattern: /^http.*\/api\/.*/i,
+            urlPattern: /^http.*\/api\/(?!auth\/).*/i,
             handler: "NetworkFirst",
             options: {
               cacheName: "api-cache",