Add admin CLI command and auth guard, use oRPC client

CLI changes:
- Use official oRPC client instead of manual HTTP requests
- Add admin complete-login command for dev workflow
- Remove type assertions, use proper ContractRouterClient typing
- Add @orpc/client and @orpc/contract dependencies

API changes:
- Use oRPC cookie helpers from @orpc/server/helpers
- Improve admin complete-login error messages (expired, already completed)

Dashboard changes:
- Add AuthGuard component to redirect unauthenticated users to /auth/login
- Update confirm page with correct CLI command and copy button
- Remove duplicate auth redirect from dashboard layout

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/cli/src/routes/user/confirm-email.ts

@@ -11,9 +11,9 @@ async function confirmEmail(
   flags: ConfirmEmailFlags,
 ): Promise<void> {
   try {
-    const client = await createApiClient();
+    const api = await createApiClient();
 
-    await client.call("admin.users.confirmEmail", {
+    await api.admin.users.confirmEmail({
       email: flags.email,
     });