feat: add multi-provider auth via AuthIdentity and extend site config

- Extract AuthIdentity model for multi-provider authentication (email_password, OAuth, Passkey, Magic Link)
- Remove password field from User model, credentials now stored in AuthIdentity
- Refactor unified login/register to use AuthIdentity-based provider checking
- Add site config fields: footer_code, tos_url, privacy_url, auth_methods
- Add auth settings defaults in migration (email_password enabled by default)
- Update admin user creation to create AuthIdentity records
- Update all tests to use AuthIdentity model

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

tests/test_db_user.py

@@ -18,7 +18,6 @@ async def test_user_curd():
 
         test_user = User(
             email='test_user@test.local',
-            password='test_password',
             group_id=created_group.id
         )
 
@@ -28,7 +27,6 @@ async def test_user_curd():
         # 验证用户是否存在
         assert created_user.id is not None
         assert created_user.email == 'test_user@test.local'
-        assert created_user.password == 'test_password'
         assert created_user.group_id == created_group.id
 
         # 测试查 Read
@@ -36,18 +34,16 @@ async def test_user_curd():
 
         assert fetched_user is not None
         assert fetched_user.email == 'test_user@test.local'
-        assert fetched_user.password == 'test_password'
         assert fetched_user.group_id == created_group.id
 
         # 测试改 Update
         updated_user = await fetched_user.update(
             session,
-            {"email": "updated_user@test.local", "password": "updated_password"}
+            {"email": "updated_user@test.local"}
         )
 
         assert updated_user is not None
         assert updated_user.email == 'updated_user@test.local'
-        assert updated_user.password == 'updated_password'
 
         # 测试删除 Delete
         await updated_user.delete(session)