refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers

app/Http/Requests/Api/HelpTicketRequest.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\Api;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class HelpTicketRequest extends FormRequest
+{
+    public function rules(): array
+    {
+        return [
+            'subject' => ['required', 'string', 'max:200'],
+            'category' => ['required', 'string', 'max:100'],
+            'message' => ['required', 'string', 'max:5000'],
+        ];
+    }
+
+    public function authorize(): bool
+    {
+        return true;
+    }
+}