Add user authentication, RBAC, and improved recruiter dashboard

- JWT-based auth with access tokens (15m) and refresh tokens (7d)
- User registration, login, logout, and /auth/me endpoints
- Three roles: admin, recruiter, hiring_manager with middleware enforcement
- users and refresh_tokens tables with bcrypt password hashing
- Login and Register pages with full form validation
- Protected routes — unauthenticated users redirect to /login
- Dashboard upgraded: real metrics, pipeline overview with progress bars,
  recent activity feed with 30s polling, and quick-action cards
- Dashboard API endpoints: /api/dashboard/metrics, pipeline-summary, recent-activity

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

package.json

@@ -13,14 +13,16 @@
     "dev:client": "cd client && npm run dev"
   },
   "dependencies": {
-    "express": "^4.18.2",
-    "pg": "^8.11.3",
-    "redis": "^4.6.12",
+    "bcryptjs": "^3.0.3",
     "cors": "^2.8.5",
-    "multer": "^1.4.5-lts.1"
+    "express": "^4.18.2",
+    "jsonwebtoken": "^9.0.3",
+    "multer": "^1.4.5-lts.1",
+    "pg": "^8.11.3",
+    "redis": "^4.6.12"
   },
   "devDependencies": {
-    "nodemon": "^3.0.2",
-    "concurrently": "^8.2.2"
+    "concurrently": "^8.2.2",
+    "nodemon": "^3.0.2"
   }
 }