feat: comprehensive security and architecture improvements

- Add Zod validation schemas with strong password requirements (12+ chars, complexity)
- Implement rate limiting for authentication endpoints (registration, password reset)
- Remove duplicate MetricCard component, consolidate to ui/metric-card.tsx
- Update README.md to use pnpm commands consistently
- Enhance authentication security with 12-round bcrypt hashing
- Add comprehensive input validation for all API endpoints
- Fix security vulnerabilities in user registration and password reset flows

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

components/SessionDetails.tsx

@@ -90,7 +90,6 @@ export default function SessionDetails({ session }: SessionDetailsProps) {
           <span className="font-medium">{session.messagesSent || 0}</span>
         </div>
 
-
         {session.avgResponseTime !== null &&
           session.avgResponseTime !== undefined && (
             <div className="flex justify-between border-b pb-2">
@@ -132,7 +131,6 @@ export default function SessionDetails({ session }: SessionDetailsProps) {
           </div>
         )}
 
-
         {session.initialMsg && (
           <div className="border-b pb-2">
             <span className="text-gray-600 block mb-1">Initial Message:</span>
@@ -151,7 +149,6 @@ export default function SessionDetails({ session }: SessionDetailsProps) {
           </div>
         )}
 
-
         {session.fullTranscriptUrl && (
           <div className="flex justify-between pt-2">
             <span className="text-gray-600">Transcript:</span>