feat: email verification + delete confirmation + smtp/cors/prod hardening

api/prisma/schema.prisma

@@ -25,6 +25,8 @@ model User {
   email        String   @unique
   passwordHash String?
   displayName  String?
+  emailVerified Boolean @default(false)
+  seenUpdateVersion Int @default(0)
   createdAt    DateTime @default(now())
   updatedAt    DateTime @updatedAt
 
@@ -43,6 +45,7 @@ model User {
   allocations        Allocation[]
   transactions       Transaction[]
   budgetSessions     BudgetSession[]
+  emailTokens        EmailToken[]
 }
 
 model VariableCategory {
@@ -161,3 +164,18 @@ model BudgetSession {
   @@unique([userId, periodStart])
   @@index([userId, periodStart])
 }
+
+model EmailToken {
+  id        String   @id @default(uuid())
+  userId    String
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  type      String   // "signup" | "delete"
+  usedAt    DateTime?
+  tokenHash String
+  expiresAt DateTime
+  createdAt DateTime @default(now())
+
+  @@index([userId, type])
+  @@index([userId, type, expiresAt])
+  @@index([tokenHash])
+}