Add generateSecureBase58Token to shared utils with login_ prefix

- Create packages/utils/src/generate-base58-token.ts with typed prefix support
- Function returns `${TPrefix}${string}` for type-safe prefixed tokens
- Add isBase58() validator and parseBase58Token() helper
- Add comprehensive tests (13 test cases)

- Update login request tokens to use "login_" prefix
- Fix login-password.ts to not replace token (cookie/DB mismatch bug)
- Migrate all token generation from generateSecureToken (hex) to
  generateSecureBase58Token (base58)
- Remove duplicate token generation from api-server/utils/crypto.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/procedures/orgs/invites.ts

@@ -4,7 +4,10 @@
 
 import { ORPCError } from "@orpc/server";
 import { ORG_INVITE_EXPIRY_DAYS } from "../../constants.js";
-import { generateExpiry, generateSecureToken } from "../../utils/crypto.js";
+import {
+  generateExpiry,
+  generateSecureBase58Token,
+} from "../../utils/crypto.js";
 import { sendOrgInviteEmail } from "../../utils/email.js";
 import { authMiddleware, os } from "../base.js";
 import { getMembership, lookupOrgBySlug, requireRole } from "./helpers.js";
@@ -88,7 +91,7 @@ export const invitesCreate = os.orgs.invites.create
     }
 
     // Generate invite token and expiry
-    const token = generateSecureToken();
+    const token = generateSecureBase58Token();
     const expiresAt = generateExpiry(ORG_INVITE_EXPIRY_DAYS * 24 * 60 * 60);
 
     try {