Replace next-auth with Better Auth, migrate DB columns to camelCase

- Replace next-auth v5 beta with better-auth v1.6.2 (stable releases)
- Add multi-provider OAuth support with admin UI configuration
- New oauthProviders table with encrypted secrets (AES-256-GCM)
- Env var bootstrap (OAUTH_*) syncs to DB, UI-created providers fully editable
- OAuth provider REST API: GET/POST/PUT/DELETE /api/v1/oauth-providers
- Settings page "Authentication Providers" section for admin management
- Account linking uses new accounts table (multi-provider per user)
- Username plugin for credentials sign-in (replaces email@localhost pattern)
- bcrypt password compatibility (existing hashes work)
- Database-backed sessions via Kysely adapter (bun:sqlite direct)
- Configurable rate limiting via AUTH_RATE_LIMIT_* env vars
- All DB columns migrated from snake_case to camelCase
- All TypeScript types/models migrated to camelCase properties
- Removed casing: "snake_case" from Drizzle config
- Callback URL format: {baseUrl}/api/auth/oauth2/callback/{providerId}
- package-lock.json removed and gitignored (using bun.lock)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

drizzle/0020_better_auth.sql

@@ -0,0 +1,71 @@
+ALTER TABLE `users` ADD COLUMN `email_verified` integer NOT NULL DEFAULT 0;
+--> statement-breakpoint
+ALTER TABLE `users` ADD COLUMN `username` text;
+--> statement-breakpoint
+ALTER TABLE `users` ADD COLUMN `display_username` text;
+--> statement-breakpoint
+DROP TABLE IF EXISTS `sessions`;
+--> statement-breakpoint
+CREATE TABLE `sessions` (
+  `id` integer PRIMARY KEY AUTOINCREMENT,
+  `userId` integer NOT NULL REFERENCES `users`(`id`) ON DELETE CASCADE,
+  `token` text NOT NULL,
+  `expiresAt` text NOT NULL,
+  `ipAddress` text,
+  `userAgent` text,
+  `createdAt` text NOT NULL,
+  `updatedAt` text NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `sessions_token_unique` ON `sessions` (`token`);
+--> statement-breakpoint
+CREATE INDEX `sessions_user_idx` ON `sessions` (`userId`);
+--> statement-breakpoint
+CREATE TABLE `accounts` (
+  `id` integer PRIMARY KEY AUTOINCREMENT,
+  `userId` integer NOT NULL REFERENCES `users`(`id`) ON DELETE CASCADE,
+  `accountId` text NOT NULL,
+  `providerId` text NOT NULL,
+  `accessToken` text,
+  `refreshToken` text,
+  `idToken` text,
+  `accessTokenExpiresAt` text,
+  `refreshTokenExpiresAt` text,
+  `scope` text,
+  `password` text,
+  `createdAt` text NOT NULL,
+  `updatedAt` text NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `accounts_provider_account_idx` ON `accounts` (`providerId`, `accountId`);
+--> statement-breakpoint
+CREATE INDEX `accounts_user_idx` ON `accounts` (`userId`);
+--> statement-breakpoint
+CREATE TABLE `verifications` (
+  `id` integer PRIMARY KEY AUTOINCREMENT,
+  `identifier` text NOT NULL,
+  `value` text NOT NULL,
+  `expiresAt` text NOT NULL,
+  `createdAt` text,
+  `updatedAt` text
+);
+--> statement-breakpoint
+CREATE TABLE `oauth_providers` (
+  `id` text PRIMARY KEY NOT NULL,
+  `name` text NOT NULL,
+  `type` text NOT NULL DEFAULT 'oidc',
+  `client_id` text NOT NULL,
+  `client_secret` text NOT NULL,
+  `issuer` text,
+  `authorization_url` text,
+  `token_url` text,
+  `userinfo_url` text,
+  `scopes` text NOT NULL DEFAULT 'openid email profile',
+  `auto_link` integer NOT NULL DEFAULT 0,
+  `enabled` integer NOT NULL DEFAULT 1,
+  `source` text NOT NULL DEFAULT 'ui',
+  `created_at` text NOT NULL,
+  `updated_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `oauth_providers_name_unique` ON `oauth_providers` (`name`);