This repository was archived by the owner on Jan 1, 2026. It is now read-only.

Conversation

@Vianpyro
Member

Description

This pull request introduces several major improvements to the database schema and stored procedures related to user authentication and registration. It adds support for email verification, improves data integrity with better constraints, supports OTP (2FA), and simplifies logic for maintainability.

Changes Made

  • Refactored register_user procedure and updated schema for stricter username validation.
  • Changed parameter types from VARCHAR to TEXT in authenticate_user and register_user functions for consistency.
  • Fixed parameter order in register_user procedure to align with schema expectations.
  • Added is_user_available function to check for existing users by email.
  • Updated register_user to accept language_id directly and improved schema constraints on users and languages tables.
  • Simplified register_user by removing exception handling and streamlining user insertion logic.
  • Enhanced task configuration: added Docker-related tasks for building/running containers and improved formatting.
  • Enforced password_hash format using a constraint for Argon2id compliance.
  • Renamed is_user_available to is_email_available for clarity and created pending_users table to support email confirmation workflow.
  • Reintroduced is_email_available with updated logic to check across both users and pending_users.
  • Refactored registration/authentication processes: removed authenticate_user, improved is_email_available, and added stored procedures for handling pending users.
  • Implemented OTP secret storage in register_user, added support for HOTP in login flow, and enforced 24-hour expiration on email verification tokens.

How to Test

  1. Apply the updated SQL migrations or rebuild the database from the latest schema.
  2. Attempt to register a user — verify the data is stored in pending_users and a token is generated.
  3. Confirm the email via token — ensure the user is moved to the users table.
  4. Test login with and without 2FA.
  5. Check that Argon2id hashes are required and invalid hashes are rejected.
  6. Confirm constraints on usernames, emails, and language IDs work as expected.

Checklist

  • My code follows the project's coding style.
  • I have performed a self-review of my code.
  • I have added necessary tests (if applicable).
  • I have documented my changes (if necessary).

Additional Context

This update enables a more secure and structured user onboarding process. It enforces best practices like unique pending registrations, hash validation, email confirmation delays, and support for OTP-based two-factor authentication, while simplifying stored procedures and constraints for better maintainability.
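As an added illustration of the constraints the description lists, and not code from this repository, the PostgreSQL sketch below shows an Argon2id format check on password_hash, a pending_users table whose verification tokens stop counting after 24 hours, an availability check that looks at both tables, and a confirmation procedure that moves a row into users. All table, column and parameter names are assumptions.

```sql
-- Added example, not the project's own schema; names are assumptions.
CREATE TABLE users (
    id            BIGSERIAL PRIMARY KEY,
    email         TEXT NOT NULL UNIQUE,
    username      TEXT NOT NULL UNIQUE
                  CHECK (username ~ '^[A-Za-z0-9_]{3,32}$'),
    -- Only PHC-formatted Argon2id strings are accepted, so a plaintext or
    -- legacy-hash insert fails at the database rather than at login time.
    password_hash TEXT NOT NULL
                  CHECK (password_hash ~ '^\$argon2id\$v=19\$m=[0-9]+,t=[0-9]+,p=[0-9]+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$'),
    otp_secret    TEXT,                 -- NULL until the user enrols in 2FA
    created_at    TIMESTAMPTZ NOT NULL DEFAULT now()
);

CREATE TABLE pending_users (
    email              TEXT NOT NULL UNIQUE,
    username           TEXT NOT NULL CHECK (username ~ '^[A-Za-z0-9_]{3,32}$'),
    password_hash      TEXT NOT NULL
                       CHECK (password_hash ~ '^\$argon2id\$v=19\$m=[0-9]+,t=[0-9]+,p=[0-9]+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$'),
    otp_secret         TEXT,
    verification_token TEXT NOT NULL UNIQUE,
    token_created_at   TIMESTAMPTZ NOT NULL DEFAULT now()
);

-- An email is free if no confirmed user has it and no *unexpired* pending
-- registration holds it; stale pending rows do not block re-registration.
CREATE FUNCTION is_email_available(p_email TEXT) RETURNS BOOLEAN
LANGUAGE sql STABLE AS $$
    SELECT NOT EXISTS (SELECT 1 FROM users WHERE lower(email) = lower(p_email))
       AND NOT EXISTS (SELECT 1 FROM pending_users
                        WHERE lower(email) = lower(p_email)
                          AND token_created_at > now() - INTERVAL '24 hours');
$$;

-- Delete-and-insert in one statement so a token can be redeemed only once,
-- and only within the 24-hour window enforced above.
CREATE PROCEDURE confirm_pending_user(p_token TEXT)
LANGUAGE plpgsql AS $$
DECLARE
    moved INT;
BEGIN
    WITH claimed AS (
        DELETE FROM pending_users
         WHERE verification_token = p_token
           AND token_created_at > now() - INTERVAL '24 hours'
        RETURNING email, username, password_hash, otp_secret
    )
    INSERT INTO users (email, username, password_hash, otp_secret)
    SELECT email, username, password_hash, otp_secret FROM claimed;
    GET DIAGNOSTICS moved = ROW_COUNT;
    IF moved = 0 THEN
        RAISE EXCEPTION 'verification token is invalid or expired';
    END IF;
END;
$$;
```

Because confirmation is a single data-modifying CTE, two concurrent redemptions of the same token cannot both succeed; a periodic DELETE of pending_users rows older than 24 hours keeps the table small.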

Vianpyro added 13 commits June 9, 2025 10:07
…e schema constraints for user and language tables
…plify user insertion logic; delete obsolete authentication test file.
…g, running, and managing Docker containers; improve formatting for better readability.
…; update users table to enforce discriminator constraint and add pending_users table for email verification
…ete authenticate_user function, enhance is_email_available function, and implement procedures for creating and managing pending users.
… in register_user procedure, update authentication methods to include HOTP, and implement verification token validity check with a 24-hour constraint.
@Vianpyro Vianpyro self-assigned this Jun 12, 2025
@Vianpyro Vianpyro added the following labels on Jun 12, 2025:
  • complexity: complex (Tasks with unclear paths that need exploration or experimentation.)
  • priority: high (Important tasks that require immediate attention.)
  • special: breaking change (Tasks that will introduce a breaking change and require careful implementation.)
  • status: needs review (Ready for code or design review.)
  • type: feature (Requests for new functionality or features.)
  • type: security (Issues or improvements related to app security.)
  • type: refactor (Improvements to existing code without changing functionality.)
@Vianpyro Vianpyro force-pushed the feature/secure_registration_add_login branch from b4ca1e2 to d65070c Compare June 13, 2025 02:08
Vianpyro and others added 7 commits June 13, 2025 13:01
…ry in postAttachCommand and format dependencies for clarity
…update last login and updated timestamps, and create triggers for automatic timestamp updates.
…d create_user_refresh_token to expire old tokens and insert new ones, and remove obsolete end_user_session procedures.
@Vianpyro Vianpyro merged commit b45649c into main Jun 22, 2025
5 of 9 checks passed
@Vianpyro Vianpyro deleted the feature/secure_registration_add_login branch June 22, 2025 11:46
@Vianpyro Vianpyro added the label status: completed (Fully implemented and verified.) and removed the label status: needs review (Ready for code or design review.) on Jun 22, 2025