feat: SPA-based password reset page

- Created ResetPassword.tsx with:
  - Password reset form with strength indicator
  - Key validation on load
  - Show/hide password toggle
  - Success/error states
  - Redirect to login on success

- Updated EmailManager.php:
  - Changed reset_link from wp-login.php to SPA route
  - Format: /wp-admin/admin.php?page=woonoow#/reset-password?key=KEY&login=LOGIN

- Added AuthController API methods:
  - validate_reset_key: Validates reset key before showing form
  - reset_password: Performs actual password reset

- Registered new REST routes in Routes.php:
  - POST /auth/validate-reset-key
  - POST /auth/reset-password

Password reset emails now link to the SPA instead of native WordPress.

includes/Api/Routes.php

@@ -79,6 +79,20 @@ class Routes {
                 'permission_callback' => '__return_true',
             ] );
             
+            // Validate password reset key (public)
+            register_rest_route( $namespace, '/auth/validate-reset-key', [
+                'methods'             => 'POST',
+                'callback'            => [ AuthController::class, 'validate_reset_key' ],
+                'permission_callback' => '__return_true',
+            ] );
+            
+            // Reset password with key (public)
+            register_rest_route( $namespace, '/auth/reset-password', [
+                'methods'             => 'POST',
+                'callback'            => [ AuthController::class, 'reset_password' ],
+                'permission_callback' => '__return_true',
+            ] );
+            
             // Defer to controllers to register their endpoints
             CheckoutController::register();
             OrdersController::register();