feat: email verification, merchant/store password reset, seed gap fix

- Add EmailVerificationToken and UserPasswordResetToken models with migration
- Add email verification flow: verify-email page route, resend-verification API
- Block login for unverified users (EmailNotVerifiedException in auth_service)
- Add forgot-password/reset-password endpoints for merchant and store auth
- Add "Forgot Password?" links to merchant and store login pages
- Send welcome email with verification link on merchant creation
- Seed email_verification and merchant_password_reset email templates
- Fix db-reset Makefile to run all init-prod seed scripts
- Add UserAuthService to satisfy architecture validation rules
- Add 52 new tests (unit + integration) with full coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/tenancy/routes/api/merchant.py

@@ -24,15 +24,19 @@ from app.modules.tenancy.schemas import (
 from app.modules.tenancy.services.merchant_service import merchant_service
 from models.schema.auth import UserContext
 
+from .email_verification import email_verification_api_router
 from .merchant_auth import merchant_auth_router
 
 logger = logging.getLogger(__name__)
 
 router = APIRouter()
 
-# Include auth routes (/auth/login, /auth/logout, /auth/me)
+# Include auth routes (/auth/login, /auth/logout, /auth/me, /auth/forgot-password, /auth/reset-password)
 router.include_router(merchant_auth_router, tags=["merchant-auth"])
 
+# Include email verification routes (/resend-verification)
+router.include_router(email_verification_api_router, tags=["email-verification"])
+
 # Account routes are defined below with /account prefix
 _account_router = APIRouter(prefix="/account")