feat: comprehensive security and architecture improvements

- Add Zod validation schemas with strong password requirements (12+ chars, complexity)
- Implement rate limiting for authentication endpoints (registration, password reset)
- Remove duplicate MetricCard component, consolidate to ui/metric-card.tsx
- Update README.md to use pnpm commands consistently
- Enhance authentication security with 12-round bcrypt hashing
- Add comprehensive input validation for all API endpoints
- Fix security vulnerabilities in user registration and password reset flows

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/dashboard/metrics/route.ts

@@ -42,7 +42,7 @@ export async function GET(request: NextRequest) {
   if (startDate && endDate) {
     whereClause.startTime = {
       gte: new Date(startDate),
-      lte: new Date(endDate + 'T23:59:59.999Z'), // Include full end date
+      lte: new Date(endDate + "T23:59:59.999Z"), // Include full end date
     };
   }
 
@@ -94,10 +94,12 @@ export async function GET(request: NextRequest) {
   // Calculate date range from sessions
   let dateRange: { minDate: string; maxDate: string } | null = null;
   if (prismaSessions.length > 0) {
-    const dates = prismaSessions.map(s => new Date(s.startTime)).sort((a, b) => a.getTime() - b.getTime());
+    const dates = prismaSessions
+      .map((s) => new Date(s.startTime))
+      .sort((a, b) => a.getTime() - b.getTime());
     dateRange = {
-      minDate: dates[0].toISOString().split('T')[0], // First session date
-      maxDate: dates[dates.length - 1].toISOString().split('T')[0] // Last session date
+      minDate: dates[0].toISOString().split("T")[0], // First session date
+      maxDate: dates[dates.length - 1].toISOString().split("T")[0], // Last session date
     };
   }