Auth with passwords + Playwright E2E tests + PostHog analytics

- bcrypt password hashing in auth (register, login, change-password)
- Login/register pages with password fields
- Profile update + OAuth placeholder endpoints
- Playwright test suite: auth, pages, API (3 test files)
- PostHog Docker analytics on :8010

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

tests/api.spec.ts

@@ -0,0 +1,40 @@
+import { test, expect } from '@playwright/test';
+
+const API = 'http://localhost:3000';
+
+test.describe('API Endpoints', () => {
+    test('health check', async ({ request }) => {
+        const res = await request.get(`${API}/health`);
+        expect(res.ok()).toBeTruthy();
+        const data = await res.json();
+        expect(data.status).toBe('ok');
+    });
+
+    test('list tasks', async ({ request }) => {
+        const res = await request.get(`${API}/api/v1/tasks`);
+        expect(res.ok()).toBeTruthy();
+    });
+
+    test('list groups', async ({ request }) => {
+        const res = await request.get(`${API}/api/v1/groups`);
+        expect(res.ok()).toBeTruthy();
+        const data = await res.json();
+        expect(data.data.length).toBeGreaterThan(0);
+    });
+
+    test('system health', async ({ request }) => {
+        const res = await request.get(`${API}/api/v1/system/health`);
+        expect(res.ok()).toBeTruthy();
+    });
+
+    test('create and delete task', async ({ request }) => {
+        const create = await request.post(`${API}/api/v1/tasks`, {
+            data: { title: 'E2E Test Task', priority: 'low' }
+        });
+        expect(create.ok()).toBeTruthy();
+        const { data } = await create.json();
+        
+        const del = await request.delete(`${API}/api/v1/tasks/${data.id}`);
+        expect(del.ok()).toBeTruthy();
+    });
+});