Add mobile app auth flow with Sanctum token handoff via deep link

The Einundzwanzig mobile app opens /auth/mobile in an in-app browser.
After a Lightning (LNURL) or Nostr login the flow issues a personal
access token and hands it back via the einundzwanzig://auth deep link.

- New auth.mobile-login Livewire view: Lightning QR (shared k1) plus
  Nostr signing via NIP-55 Android signers (Amber) with server callback,
  and a confirmation screen for already authenticated sessions
- MobileAuthController: NIP-55 callback verification, completion route
  issuing the token (replacing same-device tokens), redirect whitelist
- Nostr login event verification and npub user resolution extracted to
  App\Support\NostrLogin, now shared with the interactive login
- GET /api/user (auth:sanctum) returns the token owner's profile

app/Http/Controllers/Api/UserController.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use Dedoc\Scramble\Attributes\Group;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+
+#[Group(name: 'Profil', weight: 8)]
+class UserController extends Controller
+{
+    /**
+     * Eigenes Profil
+     *
+     * Liefert das Profil des authentifizierten Nutzers (Token-Inhaber).
+     * Wird von der Mobile App direkt nach dem Login aufgerufen.
+     */
+    public function __invoke(Request $request): JsonResponse
+    {
+        $user = $request->user();
+
+        return response()->json([
+            'id' => $user->id,
+            'name' => $user->name,
+            'email' => $user->email,
+            'nostr' => $user->nostr,
+            'is_lecturer' => (bool) $user->is_lecturer,
+            'is_leader' => (bool) $user->is_leader,
+            'avatar' => $user->profile_photo_url,
+        ]);
+    }
+}