
Fix/revoke jwt after password change #83

Merged
krishnapaljadeja merged 2 commits into gdg-charusat:main from Atibali:fix/revoke-jwt-after-password-change
Mar 1, 2026

Conversation

@Atibali
Contributor

@Atibali Atibali commented Feb 28, 2026

## Team Number : Team 137

## Description
This PR fixes a session security issue where old JWT tokens remained valid after a password change.  
Now, tokens issued before a password update are rejected, and users must log in again to get a new valid token.

## Related Issue
Closes #80

## Type of Change
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] Documentation update
- [ ] Code refactoring
- [ ] Performance improvement
- [ ] Style/UI improvement

## Changes Made
- Added password-version fingerprint support in JWT utility (`createPasswordVersion`).
- Included password version (`pwdv`) in JWT payload during register/login token creation.
- Updated authentication middleware to validate token password version against current DB password hash and reject stale tokens with `401`.

## Screenshots (if applicable)
**Before:**
N/A (backend/API security fix)

**After:**
N/A (backend/API security fix)

## Testing
- [ ] Tested on Desktop (Chrome/Firefox/Safari)
- [ ] Tested on Mobile (iOS/Android)
- [ ] Tested responsive design (different screen sizes)
- [x] No console errors or warnings
- [ ] Code builds successfully (`npm run build`)

Manual API verification (Postman):
- [x] Logged in and obtained token `T1`.
- [x] Changed password via `PUT /api/auth/profile`.
- [x] Retested old token `T1` on protected endpoint and received `401 Unauthorized`.
- [x] Logged in again with new password and verified new token works.

## Checklist
- [x] My code follows the project's code style guidelines
- [x] I have performed a self-review of my code
- [x] I have commented my code where necessary
- [x] My changes generate no new warnings
- [x] I have tested my changes thoroughly
- [ ] All TypeScript types are properly defined
- [ ] Tailwind CSS classes are used appropriately (no inline styles)
- [ ] Component is responsive across different screen sizes
- [x] I have read and followed the [CONTRIBUTING.md](CONTRIBUTING.md) guidelines

## Additional Notes
- This is a backend-only security hardening change.
- Existing valid tokens continue to work only until the password is changed; after a password change, old tokens are invalidated immediately.

@krishnapaljadeja krishnapaljadeja self-requested a review February 28, 2026 04:37
@krishnapaljadeja krishnapaljadeja added the needs-review Valid issue-linked PR awaiting review label Feb 28, 2026
@krishnapaljadeja
Contributor

✅ PR Validation Passed

Hey @Atibali! Your PR looks good. Here is what we found:

| Field | Value |
| --- | --- |
| Team Number | Team 137 |
| Linked Issue | Closes #80 |

A maintainer will review your PR within 24–48 hours. Stay responsive to feedback!

GDG CHARUSAT Open Source Contri Sprintathon

@krishnapaljadeja krishnapaljadeja added needs-review Valid issue-linked PR awaiting review and removed needs-review Valid issue-linked PR awaiting review labels Feb 28, 2026
@krishnapaljadeja
Contributor

@Atibali can you resolve these conflicts and rebase it. Thank you

@Atibali Atibali force-pushed the fix/revoke-jwt-after-password-change branch from e853f59 to 6c266cb February 28, 2026 23:57
@krishnapaljadeja krishnapaljadeja added needs-review Valid issue-linked PR awaiting review and removed needs-review Valid issue-linked PR awaiting review labels Feb 28, 2026
@krishnapaljadeja krishnapaljadeja added needs-review Valid issue-linked PR awaiting review and removed needs-review Valid issue-linked PR awaiting review labels Mar 1, 2026
@krishnapaljadeja krishnapaljadeja merged commit 8067a43 into gdg-charusat:main Mar 1, 2026
1 check passed
@krishnapaljadeja
Contributor

🎉 PR Merged — Points Awarded!

Congratulations @Atibali! Your contribution has been merged.

| Field | Value |
| --- | --- |
| Repo | Code_duel_backend |
| Team | Team 137 |
| Contributor | @Atibali |
| Level | Level 1 — Beginner |
| Points Awarded | 5 pts |
| Source | Linked Issue #80 |

The central leaderboard has been updated. Keep contributing!

GDG CHARUSAT Open Source Contri Sprintathon
