feat: email verification, merchant/store password reset, seed gap fix

- Add EmailVerificationToken and UserPasswordResetToken models with migration
- Add email verification flow: verify-email page route, resend-verification API
- Block login for unverified users (EmailNotVerifiedException in auth_service)
- Add forgot-password/reset-password endpoints for merchant and store auth
- Add "Forgot Password?" links to merchant and store login pages
- Send welcome email with verification link on merchant creation
- Seed email_verification and merchant_password_reset email templates
- Fix db-reset Makefile to run all init-prod seed scripts
- Add UserAuthService to satisfy architecture validation rules
- Add 52 new tests (unit + integration) with full coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/tenancy/exceptions.py

@@ -92,6 +92,16 @@ class AdminRequiredException(AuthorizationException):
         )
 
 
+class EmailNotVerifiedException(AuthorizationException):
+    """User's email is not verified."""
+
+    def __init__(self, message: str = "Email address not verified. Please check your inbox."):
+        super().__init__(
+            message=message,
+            error_code="EMAIL_NOT_VERIFIED",
+        )
+
+
 class UserAlreadyExistsException(ConflictException):
     """Raised when trying to register with existing username/email."""
 
@@ -1072,6 +1082,7 @@ __all__ = [
     "InvalidTokenException",
     "InsufficientPermissionsException",
     "UserNotActiveException",
+    "EmailNotVerifiedException",
     "AdminRequiredException",
     "UserAlreadyExistsException",
     # Platform