refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers

app/Http/Requests/Api/ArticleCommentRequest.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\Api;
+
+use App\Rules\WebsiteWordfilterRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class ArticleCommentRequest extends FormRequest
+{
+    public function rules(): array
+    {
+        return [
+            'comment' => ['required', 'string', 'max:1000', new WebsiteWordfilterRule],
+        ];
+    }
+
+    public function authorize(): bool
+    {
+        return true;
+    }
+}