fix: critical auth + db bugs - signup flow - Auth callback now exchanges code for session (was dead redirect) - Server client uses cookie-based SSR (was admin-only, no user context) - Contractor signup stores ABR data in ai_research jsonb (was non-existent column)