Implement Magic Link Authentication Flow

Complete passwordless auth flow for Aktion portal. Update login form (email only, no password), add magic link request/verify endpoints, and create verification handler page with error states.

Note:
- POST /auth/magic-link/request - validates email, generates token, sends email, returns generic success
- GET /auth/magic-link/verify?token=X - validates token, creates session, redirects to dashboard or error page
- Frontend: modify login form, add loading states, create verification page with error handling
- Security: HTTPS-only, generic success messages, rate limiting (see TBD-03)
- Server-side session management (existing pattern)

Example(s): Error messages (user-facing):
- Expired: "This login link has expired. Please request a new one."
- Already used: "This login link has already been used. Please request a new one."
- Invalid: "Invalid login link. Please request a new one."
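
A sketch of the token logic behind the two endpoints, added here as an illustration and not the portal's own code. The `MagicLinkStore` class, the in-memory storage, the 15-minute lifetime, the generic response wording and storing only a SHA-256 digest of the token are all assumptions; rate limiting (TBD-03) and session creation are left out.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: the ticket does not specify a lifetime
GENERIC_RESPONSE = "If that address is registered, a login link has been sent."  # assumed wording
ERRORS = {  # user-facing messages from the ticket, keyed by verify() error
    "expired": "This login link has expired. Please request a new one.",
    "used": "This login link has already been used. Please request a new one.",
    "invalid": "Invalid login link. Please request a new one.",
}


class MagicLinkStore:
    """Hypothetical in-memory stand-in for the token table."""

    def __init__(self, known_emails, now=time.time):
        self.known_emails = set(known_emails)
        self.now = now     # injectable clock so expiry can be tested
        self.tokens = {}   # sha256(token) -> {"email", "expires", "used"}
        self.outbox = []   # (email, token) pairs that would be emailed

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request(self, email):
        """POST /auth/magic-link/request: same reply whether or not the email exists."""
        email = email.strip().lower()
        if email in self.known_emails:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            self.tokens[self._digest(token)] = {
                "email": email, "expires": self.now() + TOKEN_TTL_SECONDS, "used": False}
            self.outbox.append((email, token))  # raw token exists only in the email
        return GENERIC_RESPONSE

    def verify(self, token):
        """GET /auth/magic-link/verify: returns (email, None) or (None, error_key)."""
        record = self.tokens.get(self._digest(token or ""))
        if record is None:
            return None, "invalid"
        if record["used"]:
            return None, "used"
        if self.now() > record["expires"]:
            return None, "expired"
        record["used"] = True  # consume the token before a session is created
        return record["email"], None
```

In a real database the used check and the update need to be one atomic operation so that two concurrent requests with the same token cannot both succeed.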