refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers

app/Http/Resources/Api/UserApiResource.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class UserApiResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => (string) $this->id,
+            'email' => $this->mail,
+            'username' => $this->username,
+            'look' => $this->look,
+            'motto' => $this->motto ?? '',
+            'credits' => $this->credits ?? 0,
+            'pixels' => $this->pixels ?? 0,
+            'diamonds' => $this->diamonds ?? 0,
+        ];
+    }
+}