refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers

app/Http/Resources/Api/UserBriefResource.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class UserBriefResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => (string) $this->id,
+            'username' => $this->username,
+            'look' => $this->look,
+        ];
+    }
+}