feat: replace admin auth with cookie-based profile picker

Remove all authentication (login, sessions, bcrypt, itsdangerous) since
the app runs on a private homelab LAN. Replace with a profile picker
landing page and cookie-based profile selection (1-year expiry).

- Add Alembic migration to drop password_hash/is_admin columns
- Delete auth service, auth routes, login template, and auth tests
- Rewrite app/utils/auth.py with NoProfileSelectedError and
  require_active_profile dependency
- Add profile creation flow (GET/POST /profiles/create)
- Rewrite home page as profile picker with card layout
- Update all route files to use profile dependency instead of admin auth
- Remove bcrypt and itsdangerous from requirements
- Remove admin_username/admin_password from config
- Update all tests for new profile-based access model

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/routes/pages.py

@@ -3,21 +3,27 @@
 Renders Jinja2 templates for user-facing pages.
 """
 
-from fastapi import APIRouter, Request
+from fastapi import APIRouter, Depends, Request
 from fastapi.responses import HTMLResponse
+from sqlmodel import Session
+
+from app.database import get_db_session
+from app.services.user_service import UserService
 
 router = APIRouter(tags=["pages"])
 
 
 @router.get("/")
-async def home_page(request: Request) -> HTMLResponse:
-    """Render the home page.
+async def home_page(
+    request: Request,
+    session: Session = Depends(get_db_session),
+) -> HTMLResponse:
+    """Render the home page with profile picker or create-profile link."""
+    user_service = UserService(session)
+    profiles = user_service.list_users()
 
-    Args:
-        request: The incoming HTTP request.
-
-    Returns:
-        Rendered home page HTML.
-    """
     templates = request.app.state.templates
-    return templates.TemplateResponse(request, "pages/home.html")
+    return templates.TemplateResponse("pages/home.html", {
+        "request": request,
+        "profiles": profiles,
+    })