feat: SMTP full ENV override, password reset flow, and E2E email testing

- SMTP: SMTP_HOST/PORT/USER/FROM/TLS now all have ENV override support
  (previously only SMTP_PASSWORD was env-aware). ENV takes priority over DB.
- docker-compose.yml: forward all SMTP_* env vars to app container + add
  Mailhog service (ports 1025 SMTP / 8025 HTTP, always available in dev)
- Password reset: PasswordResetToken Prisma model + authRouter with
  requestPasswordReset (timing-safe, no email enumeration) + resetPassword
- UI: /auth/forgot-password, /auth/reset-password/[token] pages +
  "Forgot password?" link on sign-in page
- E2E: Mailhog helpers (getLatestEmailTo, clearMailhog, extractUrlFromEmail)
  + invite-flow.spec.ts + password-reset.spec.ts

Co-Authored-By: claude-flow <ruv@ruv.net>

packages/api/src/lib/email.ts

@@ -51,9 +51,14 @@ async function getSmtpConfig() {
     await db.systemSettings.findUnique({ where: { id: "singleton" } }),
   );
   if (!settings.smtpHost) return null;
+  const port = typeof settings.smtpPort === "number"
+    ? settings.smtpPort
+    : settings.smtpPort !== null && settings.smtpPort !== undefined
+      ? parseInt(String(settings.smtpPort), 10)
+      : 587;
   return {
     host: settings.smtpHost,
-    port: settings.smtpPort ?? 587,
+    port,
     secure: settings.smtpTls === false ? false : true,
     auth:
       settings.smtpUser && settings.smtpPassword