f838840bda
Replace default auto-generated password with a first-run setup page that lets users choose their own nickname and password. The /auth/setup endpoint now accepts an optional nickname field (also sets site_name). Remove set_default_password() since setup is now mandatory before login.