Add transactions to auth procedures and extract DB models

- Wrap multiple DB operations in transactions for atomicity:
  - login-if-completed: device upsert + session + login_request deletion
  - forgot-password: delete old tokens + insert new token
  - signup: session + email_verification creation

- Extract reusable DB model operations to packages/db/src/models/:
  - sessions.ts: insertSession()
  - user-devices.ts: upsertUserDevice(), isDeviceTrusted()

- Update session.ts to use new model functions from @reviq/db
- Fix type narrowing in admin.test.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/__tests__/e2e/admin.test.ts

@@ -1095,15 +1095,17 @@ describeE2E("admin", () => {
       expect(org?.display_name).toBe("New Organization");
 
       // Verify owner membership
-      const membership = await db
-        .selectFrom("org_members")
-        .where("org_id", "=", org?.id)
-        .where("user_id", "=", owner.id)
-        .selectAll()
-        .executeTakeFirst();
+      if (org) {
+        const membership = await db
+          .selectFrom("org_members")
+          .where("org_id", "=", org.id)
+          .where("user_id", "=", owner.id)
+          .selectAll()
+          .executeTakeFirst();
 
-      expect(membership).toBeDefined();
-      expect(membership?.role).toBe("owner");
+        expect(membership).toBeDefined();
+        expect(membership?.role).toBe("owner");
+      }
     });
 
     test("normalizes owner email to lowercase", async () => {