fix: konvertera alla API route handlers till withAuth wrapper

Ersätter getAuthHeaders() + auth() standalone med withAuth() wrapper
i alla route handlers. Auth() standalone fungerar inte korrekt i
Next.js 16 + NextAuth beta.28 pga async cookies() kompatibilitet.
withAuth() använder auth() i wrapper-form sa att request.auth
populeras direkt av NextAuth.

Pavaerkade filer: 27 route handlers + ny lib/with-auth.ts

frontend/app/api/products/[id]/route.ts

@@ -1,17 +1,16 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { getAuthHeaders } from '../../../../lib/auth-headers';
+import { NextResponse } from 'next/server';
+import { withAuth } from '../../../../lib/with-auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
-export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
-  const { id } = await params;
+export const PATCH = withAuth(async (req, session, context) => {
+  const { id } = await context.params;
   const body = await req.json();
-  const authHeaders = await getAuthHeaders();
   const res = await fetch(`${API_BASE}/api/products/${id}`, {
     method: 'PATCH',
-    headers: { 'Content-Type': 'application/json', ...authHeaders },
+    headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
     body: JSON.stringify(body),
   });
   const data = await res.json().catch(() => ({}));
   return NextResponse.json(data, { status: res.status });
-}
+});