feat(auth): implement Android refresh token handling and session management

- Added support for generating Android access tokens and managing refresh sessions in the auth endpoints.
- Implemented new tests for login, logout, and refresh functionalities specific to Android clients.
- Enhanced password reset logging with normalization and masking of email addresses.
- Created a new diagnostics endpoint for password reset attempts, including filtering and summarizing logs.
- Introduced a new utility for managing password reset logs with retention policies.
- Added tests for password reset log utilities to ensure proper functionality and privacy compliance.
- Updated WebAuthn configuration tests to validate origin handling for production and allowed origins.

middleware/auth.js

@@ -26,6 +26,10 @@ export default defineNuxtRouteMiddleware(async (to, _from) => {
         if (!hasAccess) {
           return navigateTo('/mitgliederbereich')
         }
+      } else if (to.path.startsWith('/cms/passwort-reset-diagnose')) {
+        if (!roles.includes('admin')) {
+          return navigateTo('/cms')
+        }
       } else if (to.path.startsWith('/cms/kontaktanfragen')) {
         if (!canAccessContactRequests) {
           return navigateTo('/mitgliederbereich')
@@ -42,4 +46,3 @@ export default defineNuxtRouteMiddleware(async (to, _from) => {
     return navigateTo('/login?redirect=' + to.path)
   }
 })
-