Add generateSecureBase58Token to shared utils with login_ prefix

- Create packages/utils/src/generate-base58-token.ts with typed prefix support
- Function returns `${TPrefix}${string}` for type-safe prefixed tokens
- Add isBase58() validator and parseBase58Token() helper
- Add comprehensive tests (13 test cases)

- Update login request tokens to use "login_" prefix
- Fix login-password.ts to not replace token (cookie/DB mismatch bug)
- Migrate all token generation from generateSecureToken (hex) to
  generateSecureBase58Token (base58)
- Remove duplicate token generation from api-server/utils/crypto.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/procedures/auth/resend-verification.ts

@@ -5,13 +5,16 @@
  * Flow:
  * 1. Check if email is already verified (return early if so)
  * 2. Delete any existing verification tokens for this user
- * 3. Generate new secure token (64 hex chars)
+ * 3. Generate new secure base58 token
  * 4. Create new email_verifications record with 24 hour expiry
  * 5. Send verification email (stubbed)
  */
 
 import { TOKEN_DURATIONS } from "../../utils/cookies.js";
-import { generateExpiry, generateSecureToken } from "../../utils/crypto.js";
+import {
+  generateExpiry,
+  generateSecureBase58Token,
+} from "../../utils/crypto.js";
 import { sendVerificationEmail } from "../../utils/email.js";
 import { authMiddleware, os } from "../base.js";
 
@@ -30,8 +33,8 @@ export const resendVerificationEmail = os.auth.resendVerificationEmail
       .where("user_id", "=", context.user.id)
       .execute();
 
-    // Generate new secure token
-    const token = generateSecureToken();
+    // Generate new secure base58 token
+    const token = generateSecureBase58Token();
     const expiresAt = generateExpiry(TOKEN_DURATIONS.EMAIL_VERIFICATION);
 
     // Create new verification record