Improve API token format and enhance auth status command

- Change token format to reviq_<base58> prefix instead of raw hex
- Add me.authStatus API endpoint for detailed auth information
- Enhance CLI `reviq auth status` to show token details from API
- Add comprehensive tests for token generation (18 tests)
- Extract bootstrap logic to @reviq/db for reusability and testing
- Remove default db export; callers must use createDb() directly

Token changes:
- New format: reviq_<base58-encoded-32-bytes>
- Added parseToken() for validation
- Added isValidTokenFormat() helper

Auth status endpoint returns:
- User profile information
- Auth method (api_token or session)
- Token/session details (name, expiration, last used)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/procedures/base.ts

@@ -8,6 +8,7 @@
 import type {
   APIContext,
   AuthenticatedContext,
+  AuthInfo,
   LoginRequestContext,
   Session,
   SessionUser,
@@ -122,10 +123,28 @@ export const authMiddleware = os.middleware(async ({ context, next }) => {
         createdAt: apiToken?.created_at ?? new Date(),
       };
 
+  // Build auth info based on authentication method
+  const authInfo: AuthInfo = session
+    ? {
+        method: "session",
+        sessionId: session.id,
+        expiresAt: session.expires_at,
+        createdAt: session.created_at,
+      }
+    : {
+        method: "api_token",
+        tokenId: apiToken?.id,
+        tokenName: apiToken?.name,
+        expiresAt: apiToken?.expires_at,
+        lastUsedAt: apiToken?.last_used_at,
+        createdAt: apiToken?.created_at,
+      };
+
   return next({
     context: {
       user: sessionUser,
       session: sessionInfo,
+      auth: authInfo,
     },
   });
 });