feat(api): implement centralized API client and refactor vendor pages

Introduced a new API client in src/lib/api/ to handle requests securely. Refactored vendor pages to use this client. Updated authentication logic in layout and login pages.

src/routes/(app)/+layout.svelte

@@ -4,6 +4,7 @@
   import type { Writable } from 'svelte/store';
   import '../../app.postcss'; // Import Tailwind CSS
   import { user, darkMode, type User } from '$lib/states';
+  import { authApi } from '$lib/api';
 
   // Initialize dark mode on mount to ensure data-theme is set
   onMount(() => {
@@ -18,17 +19,15 @@
   // Placeholder for user store - in a real app, this would be managed by an auth library or context
   let storedUser: User | null = null;
 
-  // Check for user session on mount (this is a placeholder, actual implementation may vary)
+  // Check for user session on mount
   onMount(() => {
     const storedUserString = localStorage.getItem('user');
-    const token = localStorage.getItem('auth_token');
-    if (storedUserString && token) {
+    if (storedUserString) {
       storedUser = JSON.parse(storedUserString);
       user.set(storedUser);
     } else {
-      // Clear if inconsistent
+      // No user stored
       localStorage.removeItem('user');
-      localStorage.removeItem('auth_token');
       user.set(null);
     }
   });
@@ -41,11 +40,10 @@
     }
   });
 
-  // Logout function
-  const logout = () => {
+  // Logout function - now async to call API to clear httpOnly cookie
+  const logout = async () => {
+    await authApi.logout();
     user.set(null);
-    localStorage.removeItem('user');
-    localStorage.removeItem('auth_token');
     window.location.href = '/';
   };