feat(auth): require email confirmation for new accounts

Updates the user registration and new account creation endpoints to require email confirmation.

- Sets the 'confirmed' flag to 'false' by default for all new user accounts.
- Generates a unique confirmation token for each new user.
- Logs the confirmation link to the console for development purposes.

This change ensures that users cannot log in without first verifying their email address, enhancing account security.

routes/auth/login.py

@@ -37,6 +37,12 @@ async def authenticate_user(db: AsyncSession, email: str, password: str):
         return False
     if not verify_password(password, user.password_hash):
         return False
+    if not user.confirmed:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Please confirm your email address before logging in.",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
     # Update last_seen
     user.last_seen = datetime.utcnow()
     await db.commit()