Add utils package with Web Crypto password hashing

- Create @reviq/utils package with PBKDF2-SHA256 password hashing
  compatible with Cloudflare Workers (uses crypto.subtle)
- Update api-server and CLI to use new utils package for consistent
  password hashing format across the codebase
- Add pino logging to api-server for better request debugging
- Make login request tokens cryptographically secure base58 strings
  instead of database IDs
- Add migration to make login_requests.token non-nullable with unique
  constraint
- Fix RPCLink URL construction for client-side API calls
- Add db:codegen script to root package.json

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
RevIQ
2026-01-09 18:12:33 +08:00
parent cee700f063
commit c1afc39062
25 changed files with 512 additions and 142 deletions

@@ -1,8 +1,8 @@
import type { LocalContext } from "../context.js";
import { createDb } from "@reviq/db";
import { hashPassword } from "@reviq/utils";
import { buildCommand } from "@stricli/core";
import { writeConfig } from "../utils/config.js";
import { hashPassword } from "../utils/password.js";
import { generateToken, hashToken } from "../utils/token.js";
interface BootstrapFlags {
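Review bot: The import block now takes `hashPassword` from `@reviq/utils` but still takes `generateToken` and `hashToken` from the local `../utils/token.js`, so password hashing is shared while token handling stays CLI-specific. If the api-server generates or hashes tokens as well, consider moving those helpers into `@reviq/utils` too so the two sides cannot drift in format. Please also confirm that `../utils/password.js` is deleted in this commit and that nothing else in the CLI still imports it, otherwise two password hash formats can coexist.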
@@ -40,7 +40,7 @@ async function bootstrap(
}
// Hash the password
const passwordHash = hashPassword(flags.password);
const passwordHash = await hashPassword(flags.password);
// Create superuser
const [user] = await db
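Review bot: On `const passwordHash = await hashPassword(flags.password);` the helper changes from a synchronous call to one that returns a Promise, so any other caller that was not updated with `await` would hand a Promise instead of a hash string to the database layer; worth grepping for remaining un-awaited calls and checking that the insert rejects a non-string value. Because the hash now comes from a different implementation, please also state whether superuser rows written by the old `../utils/password.js` still verify or whether bootstrap has to be re-run. Separately, the password still arrives through `flags.password`, which leaves it in shell history and the process list; reading it from a prompt or stdin would avoid that.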