security: MFA backup codes — issue on enable, redeem at login, regenerate on demand (#43)

Adds a one-time-use backup code set so users with a lost authenticator are not
locked out. Codes are Crockford base32 (XXXXX-XXXXX), hashed with argon2id, and
redeemed under a WHERE-guarded delete so a concurrent replay race fails closed.

- New MfaBackupCode model + migration
- Issue 10 codes inside the enable transaction; show plaintext exactly once
- Sign-in page accepts TOTP or backup code, reporting remaining count
- regenerateBackupCodes tRPC mutation wipes + reissues atomically
- Unit coverage for generator, normalizer, verify, redeem, and race path

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

packages/api/src/router/user.ts

@@ -42,6 +42,7 @@ import {
   saveDashboardLayout,
   SetColumnPreferencesInputSchema,
   setColumnPreferences,
+  regenerateBackupCodes,
   ToggleFavoriteProjectInputSchema,
   toggleFavoriteProject,
   verifyAndEnableTotp as verifyAndEnableTotpSelfService,
@@ -152,4 +153,7 @@ export const userRouter = createTRPCRouter({
 
   /** Get MFA status for the current user. */
   getMfaStatus: protectedProcedure.query(({ ctx }) => getCurrentMfaStatus(ctx)),
+
+  /** Generate a fresh set of MFA backup codes, invalidating any previous set. */
+  regenerateBackupCodes: protectedProcedure.mutation(({ ctx }) => regenerateBackupCodes(ctx)),
 });