Implement Workstream I: Account pages with code review fixes

Add account management UI with profile settings, authentication options,
device/passkey management, and session management pages.

Key changes:
- Add account pages: profile, auth, devices, sessions
- Add dialog components: confirm, add-passkey, change-password, rename-passkey
- Return passkeyId from verifyRegistration to fix race condition
- Add hasPassword field to user schema
- Add aria-label to dialog close button for accessibility
- Add avatar URL validation and fix phone input styling
- Add comprehensive test plan documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/router.ts

@@ -108,7 +108,13 @@ const verifyRegistration = os.auth.webauthn.verifyRegistration
       context.allowedOrigins,
       context.rpName,
     );
-    await verifyReg(context.db, rpInfo, context.user.id, challengeId, response);
+    return verifyReg(
+      context.db,
+      rpInfo,
+      context.user.id,
+      challengeId,
+      response,
+    );
   });
 
 const createAuthenticationOptions = os.auth.webauthn.createAuthenticationOptions
@@ -161,6 +167,7 @@ const meGet = os.me.get.use(authMiddleware).handler(async ({ context }) => {
       "avatar_url",
       "email_verified_at",
       "is_superuser",
+      "password_hash",
     ])
     .where("id", "=", context.user.id)
     .executeTakeFirstOrThrow();
@@ -175,6 +182,7 @@ const meGet = os.me.get.use(authMiddleware).handler(async ({ context }) => {
     emailVerified: user.email_verified_at !== null,
     needsSetup: user.display_name === null,
     isSuperuser: user.is_superuser,
+    hasPassword: user.password_hash !== null,
   };
 });