fix: konvertera alla API route handlers till withAuth wrapper

Ersätter getAuthHeaders() + auth() standalone med withAuth() wrapper
i alla route handlers. Auth() standalone fungerar inte korrekt i
Next.js 16 + NextAuth beta.28 pga async cookies() kompatibilitet.
withAuth() använder auth() i wrapper-form sa att request.auth
populeras direkt av NextAuth.

Pavaerkade filer: 27 route handlers + ny lib/with-auth.ts

frontend/app/api/admin/create-product/route.ts

@@ -1,16 +1,8 @@
-import { auth } from '../../../../auth';
+import { withAuth } from '../../../../lib/with-auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
-async function getAuthHeaders(): Promise<Record<string, string>> {
-  const session = await auth();
-  if (!session?.accessToken) {
-    return {};
-  }
-  return { Authorization: `Bearer ${session.accessToken}` };
-}
-
-export async function POST(req: Request) {
+export const POST = withAuth(async (req, session) => {
   try {
     const body = await req.json();
     const { name } = body;
@@ -19,10 +11,9 @@ export async function POST(req: Request) {
       return Response.json({ error: 'Name is required' }, { status: 400 });
     }
 
-    const authHeaders = await getAuthHeaders();
     const res = await fetch(`${API_BASE}/api/products`, {
       method: 'POST',
-      headers: { 'Content-Type': 'application/json', ...authHeaders },
+      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
       body: JSON.stringify({ name }),
     });
 
@@ -43,4 +34,4 @@ export async function POST(req: Request) {
       { status: 500 },
     );
   }
-}
+});