feat: wire frontend pages to tRPC APIs

- Add hooks (useAuth, useSubscription, useNotifications) for real API data
- Add auth service (login/signup) with password hashing and session support
- Replace stub auth with real tRPC calls in login/signup/onboarding pages
- Replace mock dashboard data with real API data from hooks
- Create service pages: DarkWatch, VoicePrint, SpamShield, HomeTitle, RemoveBrokers, Settings
- Update Navbar, TopBar, Sidebar with real user data and correct routes
- Add passwordHash field to users schema for credential auth
- Fix tests to work with real hooks (mock tRPC/hooks)

web/src/routes/migrated-pages.test.tsx

@@ -14,6 +14,33 @@ vi.mock("@solidjs/router", () => ({
   useSearchParams: () => [new URLSearchParams(), vi.fn()],
 }));
 
+vi.mock("~/hooks", () => ({
+  useAuth: () => ({
+    user: () => ({ name: "Test User", email: "test@shieldai.app" }),
+    isAuthenticated: () => true,
+    isLoading: () => false,
+    logout: vi.fn(),
+  }),
+  useSubscription: () => ({
+    subscription: () => ({ tier: "plus", status: "active" }),
+    tier: () => "plus",
+    isLoading: () => false,
+    hasFeature: () => true,
+  }),
+  useNotifications: () => ({
+    alerts: () => [
+      { id: "1", title: "New credential leak detected", description: "Your email was found in a data breach", severity: "HIGH", createdAt: "5m ago" },
+      { id: "2", title: "VoicePrint scan completed", description: "No deepfake voice activity detected", severity: "INFO", createdAt: "1h ago" },
+      { id: "3", title: "RemoveBroker opt-out confirmed", description: "Your data has been removed from Whitepages", severity: "INFO", createdAt: "3h ago" },
+      { id: "4", title: "Suspicious call blocked", description: "SpamShield blocked a call", severity: "WARNING", createdAt: "6h ago" },
+      { id: "5", title: "HomeTitle alert", description: "A document was filed", severity: "CRITICAL", createdAt: "1d ago" },
+    ],
+    unreadCount: () => 5,
+    markRead: vi.fn(),
+    isLoading: () => false,
+  }),
+}));
+
 import BlogPage from "./blog";
 import BlogPostPage from "./blog/[slug]";
 import AdsPage from "./ads";
@@ -175,16 +202,11 @@ describe("DashboardPage", () => {
     expect(document.body.textContent).toContain("Overview");
   });
 
-  it("renders stat cards with mock data", () => {
+  it("renders stat cards with data from hooks", () => {
     mount(() => <DashboardPage />);
+    expect(document.body.textContent).toContain("Plan Tier");
+    expect(document.body.textContent).toContain("Total Alerts");
     expect(document.body.textContent).toContain("Active Threats");
-    expect(document.body.textContent).toContain("Protected Accounts");
-    expect(document.body.textContent).toContain("Dark Web Scans");
-    expect(document.body.textContent).toContain("Alerts Today");
-    expect(document.body.textContent).toContain("3");
-    expect(document.body.textContent).toContain("12");
-    expect(document.body.textContent).toContain("1,847");
-    expect(document.body.textContent).toContain("7");
   });
 
   it("renders sidebar with navigation links", () => {