
Support NIP-07 challenge-response authentication #7

@alejandro-runner

Description


Summary

Add a challenge-response authentication flow so users with a NIP-07 browser extension (nos2x, Alby, etc.) can log in or register without exposing their nsec and without needing email/password credentials.

Motivation

Pasting an nsec into a web form is a security anti-pattern. NIP-07 extensions already manage keys securely; Keycast should support them as a first-class auth method. Users who already have a Nostr identity and a NIP-07 extension should not need email/password at all — their Nostr key IS their identity.

Proposed Flow

Challenge-Response

  1. Client: POST /api/auth/nip07/challenge → { challenge, expires_at }
  2. Client asks NIP-07 extension to sign a kind:27235 event (NIP-98 style) containing the challenge
  3. Client: POST /api/auth/nip07/verify { signed_event } → Keycast verifies signature, sets session cookie

Login

  • If an account exists for the pubkey, authenticate and set session.
  • If no account exists, create one automatically. No email/password required — the NIP-07 key is the sole credential.

Considerations

  • NIP-07 accounts have no email/password. Account recovery relies on the user's control of their Nostr key.
  • Personal key signing (POST /api/nostr) won't work for NIP-07 users since Keycast doesn't hold their private key. Clients needing personal key signatures can fall back to the NIP-07 extension directly.
  • Challenge should be short-lived (e.g. 60 seconds) and single-use.
  • The signed event kind could follow NIP-98 (kind 27235) or use a custom kind — TBD.
  • Offer an optional email field as a recovery method, labelled "strongly recommended" but not required.
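The following is an added worked example of the flow proposed above (challenge issuance, NIP-98 style kind 27235 event signed by the client, server-side verification with short-lived, single-use challenges, and auto-registration on first login). It is not Keycast code and not from the issue author. It assumes the challenge is carried in a `["challenge", "<value>"]` tag of the signed event (the issue leaves the exact tag layout open), adds a `created_at` freshness window on top of the challenge expiry, and ships a pure-Python BIP-340 Schnorr implementation purely so the example runs offline; a real server would use a vetted secp256k1 library. The `Nip07Auth` class, `sign_event` helper and the route comments are hypothetical names for illustration.

```python
import hashlib, json, secrets, time

# --- BIP-340 Schnorr over secp256k1 in pure Python (illustration only; production
# code should use a vetted library such as libsecp256k1 bindings) ----------------
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):                                   # affine point addition, None = infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and y1 != y2: return None
    if p1 == p2: lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(p, n):                                     # double-and-add scalar multiplication
    r = None
    while n:
        if n & 1: r = _add(r, p)
        p, n = _add(p, p), n >> 1
    return r

def _th(tag, msg):                                  # BIP-340 tagged hash
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def _int(b): return int.from_bytes(b, "big")
def _xb(pt): return pt[0].to_bytes(32, "big")        # x-only point encoding
def _even(pt): return pt[1] % 2 == 0

def _lift_x(x):                                     # x-only pubkey -> point with even y
    if x >= P: return None
    y2 = (pow(x, 3, P) + 7) % P
    y = pow(y2, (P + 1) // 4, P)
    if y * y % P != y2: return None
    return (x, y if y % 2 == 0 else P - y)

def schnorr_sign(msg32, seckey, aux=bytes(32)):
    d0 = _int(seckey); pub = _mul(G, d0)
    d = d0 if _even(pub) else N - d0
    t = (d ^ _int(_th("BIP0340/aux", aux))).to_bytes(32, "big")
    k0 = _int(_th("BIP0340/nonce", t + _xb(pub) + msg32)) % N
    R = _mul(G, k0); k = k0 if _even(R) else N - k0
    e = _int(_th("BIP0340/challenge", _xb(R) + _xb(pub) + msg32)) % N
    return _xb(R) + ((k + e * d) % N).to_bytes(32, "big")

def schnorr_verify(msg32, pubkey32, sig64):
    if len(pubkey32) != 32 or len(sig64) != 64: return False
    pub = _lift_x(_int(pubkey32)); r, s = _int(sig64[:32]), _int(sig64[32:])
    if pub is None or r >= P or s >= N: return False
    e = _int(_th("BIP0340/challenge", sig64[:32] + pubkey32 + msg32)) % N
    R = _add(_mul(G, s), _mul(pub, N - e))          # R = s*G - e*P
    return R is not None and _even(R) and R[0] == r

# --- NIP-01 event id, client-side signing, and the proposed server flow ---------
KIND_HTTP_AUTH = 27235                              # NIP-98 kind named in the issue

def event_id(ev):                                   # sha256 of NIP-01 serialization
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()

def sign_event(seckey, kind, tags, content, created_at):
    """Client side: what a NIP-07 extension does for window.nostr.signEvent() (hypothetical helper)."""
    ev = {"pubkey": _xb(_mul(G, _int(seckey))).hex(), "created_at": created_at,
          "kind": kind, "tags": tags, "content": content}
    ev["id"] = event_id(ev)
    ev["sig"] = schnorr_sign(bytes.fromhex(ev["id"]), seckey).hex()
    return ev

class Nip07Auth:
    """Server side (hypothetical): challenges are random, short-lived and consumed on first use."""
    def __init__(self, ttl=60, now=time.time):
        self.ttl, self.now, self._pending, self.accounts = ttl, now, {}, set()

    def issue_challenge(self):                      # POST /api/auth/nip07/challenge
        c = secrets.token_hex(32)
        self._pending[c] = int(self.now()) + self.ttl
        return {"challenge": c, "expires_at": self._pending[c]}

    def verify(self, ev):                           # POST /api/auth/nip07/verify
        """Return (pubkey, account_created) on success, None on any failure."""
        try:
            chal = next((t[1] for t in ev["tags"] if len(t) > 1 and t[0] == "challenge"), None)
            exp = self._pending.pop(chal, None)     # consume first: a challenge is never reusable
            now = int(self.now())
            if exp is None or now > exp or ev["kind"] != KIND_HTTP_AUTH: return None
            if abs(now - ev["created_at"]) > self.ttl: return None  # stale or pre-dated event
            if ev["id"] != event_id(ev): return None                 # id must bind every field
            if not schnorr_verify(bytes.fromhex(ev["id"]), bytes.fromhex(ev["pubkey"]),
                                  bytes.fromhex(ev["sig"])): return None
        except (KeyError, TypeError, ValueError, IndexError):
            return None
        created = ev["pubkey"] not in self.accounts  # auto-register on first login
        self.accounts.add(ev["pubkey"])
        return ev["pubkey"], created
```

The challenge is removed from the pending set before any other check, so a replayed or tampered event cannot be retried against the same challenge, and the server session is only created once the event id (which commits to the tags, and therefore to the challenge) verifies under the pubkey the client claims. Recovery and personal-key signing limits from the Considerations list are untouched by this: the server never sees a private key.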
