feat: add sqlite-backed auth and library services

Bootstrap SQLite on server startup with embedded migrations and development seed data. Replace placeholder auth and library responses with database-backed services, bearer sessions, and repository-driven API handlers.

apps/web/src/lib/api.ts

@@ -1,3 +1,5 @@
+import { useSessionStore } from '@/stores/session-store'
+
 export type User = {
   id: string
   username: string
@@ -34,9 +36,11 @@ export type Track = {
 const API_BASE = import.meta.env.VITE_API_BASE ?? 'http://localhost:4040'
 
 async function request<T>(path: string, init?: RequestInit): Promise<T> {
+  const token = useSessionStore.getState().token
   const response = await fetch(`${API_BASE}${path}`, {
     headers: {
       'Content-Type': 'application/json',
+      ...(token ? { Authorization: `Bearer ${token}` } : {}),
       ...(init?.headers ?? {}),
     },
     ...init,
@@ -63,4 +67,3 @@ export async function fetchHome() {
 export async function fetchTracks() {
   return request<{ items: Track[] }>('/api/tracks')
 }
-