
fix: authenticate socket connections #193

Closed
saurabhhhcodes wants to merge 1 commit into chthonn:main from saurabhhhcodes:fix/socket-jwt-auth-145


@saurabhhhcodes


Summary

  • require JWT authentication during the Socket.IO handshake
  • bind the authenticated JWT user id to the socket session
  • reject get_userid claims that do not match the authenticated user
  • send the stored frontend JWT in socket auth and refresh socket auth when the token changes
  • add a focused socket auth unit test for valid tokens, invalid tokens, missing user ids, and impersonation mismatch checks

Closes #145

Validation

  • cd server && npm run test:socket:auth
  • cd server && npm run test:auth:unit
  • cd frontend && npm run lint
  • cd frontend && npm run build
  • git diff --check

Notes:

  • npm ci reports existing dependency audit advisories in server/frontend; this PR does not change dependencies.
  • Vite build completes with the existing large chunk warning.
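
An added example, not code from this PR or the project: a Socket.IO-style handshake middleware that verifies an HS256 JWT, binds the user id to the socket, and rejects `get_userid` claims that do not match it. The secret, the `id` claim name and all helper names are assumptions; the token is read from `socket.handshake.auth.token`, and the sample tokens are constructed.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 shared secret
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Build a constructed sample token (demo helper, hypothetical name).
function signJwt(payload, secret = SECRET) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Verify pinned algorithm, signature and expiry; return the payload or throw.
function verifyJwt(token, secret = SECRET) {
  if (typeof token !== 'string') throw new Error('missing token');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // rejects alg "none"
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof payload.exp === 'number' && payload.exp * 1000 <= Date.now()) throw new Error('expired');
  return payload;
}

// Handshake middleware, registered as io.use(authenticateSocket).
function authenticateSocket(socket, next) {
  let payload;
  try {
    payload = verifyJwt(socket.handshake?.auth?.token);
  } catch (err) {
    return next(new Error('unauthorized')); // generic error: no detail for the client
  }
  if (!payload.id) return next(new Error('unauthorized')); // assumption: claim is "id"
  socket.data = { ...socket.data, userId: String(payload.id) }; // bind identity to session
  return next();
}

// Event-time check for get_userid: the claimed id must match the bound id.
function isClaimAllowed(socket, claimedUserId) {
  return Boolean(socket.data?.userId) && String(claimedUserId) === socket.data.userId;
}
```

In a `get_userid` handler, call `isClaimAllowed(socket, claimedId)` before acting on the claim, so the identity used is always the one established at handshake.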

@saurabhhhcodes saurabhhhcodes requested a review from chthonn as a code owner June 4, 2026 13:41
@vercel

vercel Bot commented Jun 4, 2026

Contributor

Someone is attempting to deploy a commit to the Sunil Kumar's projects Team on Vercel.

A member of the Team first needs to authorize it.

@saurabhhhcodes

Author

Closing this duplicate in favor of #190, which already covers #145 and has the repo CI checks green. Keeping the active fix consolidated there to avoid duplicate review effort.


Development

Successfully merging this pull request may close these issues.

[Bug]: WebSocket layer has zero authentication — complete user impersonation via socket events
