Authentication and sessions
Private app pages require a server-side session before rendering.
- Better Auth manages email/password and optional Google Login.
- Sessions are stored in PostgreSQL.
- Private routes derive ownership from the authenticated request scope.