fix: konvertera alla API route handlers till withAuth wrapper

Ersätter getAuthHeaders() + auth() standalone med withAuth() wrapper
i alla route handlers. Auth() standalone fungerar inte korrekt i
Next.js 16 + NextAuth beta.28 pga async cookies() kompatibilitet.
withAuth() använder auth() i wrapper-form sa att request.auth
populeras direkt av NextAuth.

Pavaerkade filer: 27 route handlers + ny lib/with-auth.ts

frontend/app/api/admin/bulk-categorize/route.ts

@@ -1,28 +1,15 @@
-import { auth } from '../../../../auth';
+import { withAuth } from '../../../../lib/with-auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
-async function getAuthHeaders(): Promise<Record<string, string>> {
-  const session = await auth();
-  if (!session?.accessToken) return {};
-  return { Authorization: `Bearer ${session.accessToken}` };
-}
-
-// POST /api/admin/bulk-categorize
-// Body: { productIds?: number[] }
-export async function POST(req: Request) {
+export const POST = withAuth(async (req, session) => {
   try {
     const body = await req.json().catch(() => ({}));
     const { productIds } = body;
 
-    const authHeaders = await getAuthHeaders();
-    if (!authHeaders.Authorization) {
-      return Response.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
     const res = await fetch(`${API_BASE}/api/products/ai-categorize-bulk`, {
       method: 'POST',
-      headers: { 'Content-Type': 'application/json', ...authHeaders },
+      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
       body: JSON.stringify({ productIds }),
     });
 
@@ -40,4 +27,4 @@ export async function POST(req: Request) {
       { status: 500 },
     );
   }
-}
+});