feat(auth): add password strength indicator and magic links

Password strength (zxcvbn-ts):
- PasswordStrength component with 4-segment color bar and German feedback
- Lazy-loaded with 150ms debounce to avoid SSR/bundle issues
- Integrated into RegisterPage and ChangePassword components

Magic Links (passwordless email):
- Better Auth magicLink plugin (10-minute expiry)
- sendMagicLinkEmail() in email service (German template)
- Passthrough route for /magic-link/* endpoints
- sendMagicLink() in shared-auth client
- "Login-Link per E-Mail senden" button on all 20 login pages
- All 21 auth stores have sendMagicLink() method

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

packages/shared-auth-ui/src/pages/LoginPage.svelte

@@ -88,6 +88,7 @@
 		passkeyAvailable?: boolean;
 		onVerifyTwoFactor?: (code: string, trustDevice?: boolean) => Promise<AuthResult>;
 		onVerifyBackupCode?: (code: string) => Promise<AuthResult>;
+		onSendMagicLink?: (email: string) => Promise<AuthResult>;
 	}
 
 	let {
@@ -114,6 +115,7 @@
 		passkeyAvailable = false,
 		onVerifyTwoFactor,
 		onVerifyBackupCode,
+		onSendMagicLink,
 	}: Props = $props();
 
 	const t = $derived({ ...defaultTranslations, ...translations });
@@ -146,6 +148,8 @@
 	let useBackupCode = $state(false);
 	let trustDevice = $state(false);
 	let rateLimitCountdown = $state(0);
+	let magicLinkSent = $state(false);
+	let sendingMagicLink = $state(false);
 
 	$effect(() => {
 		if (rateLimitCountdown > 0) {
@@ -336,6 +340,26 @@
 		}
 	}
 
+	async function handleSendMagicLink() {
+		if (!onSendMagicLink || !email) return;
+		if (!isValidEmail(email)) {
+			setError(t.emailInvalid, 'email');
+			return;
+		}
+		sendingMagicLink = true;
+		clearError();
+		magicLinkSent = false;
+
+		const result = await onSendMagicLink(email);
+		sendingMagicLink = false;
+
+		if (result.success) {
+			magicLinkSent = true;
+		} else {
+			setError(result.error || t.signInFailed, 'general');
+		}
+	}
+
 	function skipToForm() {
 		if (emailInput) emailInput.focus();
 	}
@@ -702,6 +726,33 @@
 						</button>
 					</form>
 
+					{#if onSendMagicLink}
+						{#if magicLinkSent}
+							<div class="verified-banner" role="status" aria-live="polite">
+								<Check size={18} class="text-green-500 shrink-0" />
+								<p>Login-Link an {email} gesendet!</p>
+								<button
+									type="button"
+									class="verified-banner-close"
+									onclick={() => (magicLinkSent = false)}
+									aria-label="Close"
+								>
+									&times;
+								</button>
+							</div>
+						{:else}
+							<button
+								type="button"
+								onclick={handleSendMagicLink}
+								disabled={sendingMagicLink || !email}
+								class="magic-link-button"
+								style:color={primaryColor}
+							>
+								{sendingMagicLink ? 'Wird gesendet...' : 'Login-Link per E-Mail senden'}
+							</button>
+						{/if}
+					{/if}
+
 					<p class="register-link">
 						{t.noAccount}
 						<button type="button" onclick={() => goto(registerPath)} style:color={primaryColor}>
@@ -1203,6 +1254,27 @@
 		color: rgba(0, 0, 0, 0.5);
 	}
 
+	.magic-link-button {
+		width: 100%;
+		background: none;
+		border: none;
+		cursor: pointer;
+		font-weight: 500;
+		font-size: 0.875rem;
+		padding: 0.75rem;
+		text-align: center;
+		transition: opacity 0.2s;
+	}
+
+	.magic-link-button:hover:not(:disabled) {
+		opacity: 0.7;
+	}
+
+	.magic-link-button:disabled {
+		opacity: 0.4;
+		cursor: not-allowed;
+	}
+
 	.register-link {
 		text-align: center;
 		font-size: 0.875rem;

packages/shared-auth-ui/src/pages/RegisterPage.svelte

@@ -2,6 +2,7 @@
 	import type { Component } from 'svelte';
 	import type { AuthResult } from '../types';
 	import { Eye, EyeSlash, UserPlus, ArrowLeft, Sun, Moon } from '@manacore/shared-icons';
+	import PasswordStrength from '../components/PasswordStrength.svelte';
 
 	import type { Snippet } from 'svelte';
 
@@ -505,6 +506,8 @@
 					</div>
 				</div>
 
+				<PasswordStrength {password} {primaryColor} />
+
 				<div>
 					<div class="relative">
 						<input