refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers

app/Http/Resources/Api/HelpTicketReplyResource.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class HelpTicketReplyResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'ticket_id' => $this->ticket_id,
+            'user_id' => $this->user_id,
+            'message' => $this->message,
+            'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
+            'created_at' => $this->created_at,
+        ];
+    }
+}