Implement Workstream F1: me.get and me.setupProfile procedures

- Add me.get procedure returning user profile with needsSetup flag
- Add me.setupProfile procedure for initial profile setup after signup
- Add nonEmptyString/optionalString schema helpers with tests
- Use Web Crypto API (SubtleCrypto) for Cloudflare Workers compatibility
- Use @formatjs/intl-durationformat for duration formatting
- Remove node:crypto dependency from crypto utilities

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/utils/auth.ts

@@ -4,7 +4,7 @@
 
 import type { Database } from "@reviq/db-schema";
 import type { Kysely } from "kysely";
-import { sha256 } from "@noble/hashes/sha2.js";
+import { hashToken } from "./crypto.js";
 
 export interface AuthenticatedUser {
   id: number;
@@ -12,13 +12,6 @@ export interface AuthenticatedUser {
   isSuperuser: boolean;
 }
 
-/**
- * Hash a token using SHA-256
- */
-export const hashToken = (token: string): string => {
-  return Buffer.from(sha256(Buffer.from(token))).toString("hex");
-};
-
 /**
  * Authenticate a request using session token or API key
  * Returns the authenticated user or null if not authenticated
@@ -34,7 +27,7 @@ export const authenticateRequest = async (
     return null;
   }
 
-  const tokenHash = hashToken(token);
+  const tokenHash = await hashToken(token);
 
   // Check sessions table
   const session = await db