fix: konvertera alla API route handlers till withAuth wrapper

Ersätter getAuthHeaders() + auth() standalone med withAuth() wrapper
i alla route handlers. Auth() standalone fungerar inte korrekt i
Next.js 16 + NextAuth beta.28 pga async cookies() kompatibilitet.
withAuth() använder auth() i wrapper-form sa att request.auth
populeras direkt av NextAuth.

Pavaerkade filer: 27 route handlers + ny lib/with-auth.ts

frontend/app/api/admin/update-product/[id]/route.ts

@@ -1,29 +1,17 @@
-import { auth } from '../../../../../auth';
+import { withAuth } from '../../../../../lib/with-auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
-async function getAuthHeaders(): Promise<Record<string, string>> {
-  const session = await auth();
-  if (!session?.accessToken) {
-    return {};
-  }
-  return { Authorization: `Bearer ${session.accessToken}` };
-}
-
-export async function PATCH(
-  req: Request,
-  { params }: { params: Promise<{ id: string }> },
-) {
+export const PATCH = withAuth(async (req, session, context) => {
   try {
-    const { id } = await params;
+    const { id } = await context.params;
     const productId = parseInt(id, 10);
     const body = await req.json();
     const { categoryId } = body;
 
-    const authHeaders = await getAuthHeaders();
     const res = await fetch(`${API_BASE}/api/products/${productId}`, {
       method: 'PATCH',
-      headers: { 'Content-Type': 'application/json', ...authHeaders },
+      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
       body: JSON.stringify({ categoryId }),
     });
 
@@ -45,4 +33,4 @@ export async function PATCH(
       { status: 500 },
     );
   }
-}
+});