privacy/security: add PM privacy levels and improve session visibility

tests/test_auth_flow.py

@@ -43,6 +43,15 @@ async def test_register_verify_login_and_me(client, db_session):
     assert me_data["email"] == "alice@example.com"
     assert me_data["email_verified"] is True
 
+    sessions_response = await client.get(
+        "/api/v1/auth/sessions",
+        headers={"Authorization": f"Bearer {token_data['access_token']}"},
+    )
+    assert sessions_response.status_code == 200
+    sessions = sessions_response.json()
+    assert len(sessions) >= 1
+    assert any(item.get("token_type") == "access" for item in sessions)
+
 
 async def test_refresh_token_rotation(client, db_session):
     payload = {