fix(auth): surface email-not-verified error and detect needsVerification on signup

- mana-auth login route: catch Better Auth's email verification error and
  return 403 EMAIL_NOT_VERIFIED instead of 401 Invalid credentials
- shared-auth signUp: detect emailVerified:false in register response and
  return needsVerification:true so the UI shows the verification prompt
- shared-auth-ui LoginPage: map INVALID_CREDENTIALS error code to friendly message
- shared-i18n: add invalidCredentials translation (de/en)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/shared-auth/src/core/authService.ts

@@ -169,13 +169,12 @@ export function createAuthService(config: AuthServiceConfig): AuthServiceInterfa
 					return { success: false, error: errorData.message || 'Sign up failed' };
 				}
 
-				// Consume response to avoid unhandled promise
-				await response.json();
+				const data = await response.json();
 
-				// Mana Core Auth returns user data immediately on registration
-				// User needs to sign in separately to get tokens
+				// If emailVerified is false, the user needs to verify their email before login
+				const needsVerification = data?.user?.emailVerified === false;
 				trackAuth('signup', { method: 'email' });
-				return { success: true, needsVerification: false };
+				return { success: true, needsVerification };
 			} catch (error) {
 				console.error('Error signing up:', error);
 				trackAuth('signup_failed', { method: 'email' });