auth-email-password

Provides email+password authentication: the always-on handlers are login, changePassword, and logout; optional flows — password reset, email verification, magic-link self-signup, and tenant invite — are registered only when you pass their respective option objects (passwordReset, emailVerification, signup, invite) to createAuthEmailPasswordFeature(opts). Each opt-in flow uses HMAC-signed or opaque-random tokens delivered via callback (e.g. sendResetEmail) so the feature stays transport-agnostic. Requires the user and tenant features, and declares JWT_SECRET (≥ 32 chars) in authEmailPasswordEnvSchema so a missing secret surfaces at boot validation rather than on the first login attempt.

  • Requires: user, tenant
  • Activation: always on (not toggleable)
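
The pattern described above, as an added Node.js example that is not this feature's own code: a boot-time check on `JWT_SECRET`, an HMAC-signed token bound to a purpose and an expiry, and delivery through a caller-supplied callback. The token layout, the claim names, the 15-minute lifetime, the helper names and the use of `JWT_SECRET` as the HMAC key are assumptions; only `JWT_SECRET`, the 32-character minimum and `sendResetEmail` come from the page.

```javascript
const crypto = require("node:crypto");

// Boot-time check: refuse to start with a missing or short secret.
function loadSecret(env) {
  const secret = env.JWT_SECRET;
  if (typeof secret !== "string" || secret.length < 32) {
    throw new Error("JWT_SECRET must be set and at least 32 characters");
  }
  return secret;
}

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const sign = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Assumed layout: base64url(JSON claims) + "." + base64url(HMAC-SHA256 of the encoded claims).
// `purpose` binds a token to one flow, so a verification token cannot reset a password.
function issueToken(secret, { userId, purpose, ttlSeconds }, now = Date.now()) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ sub: userId, purpose, exp }));
  return `${payload}.${b64url(sign(secret, payload))}`;
}

// Returns the claims, or null for a malformed, forged, wrong-purpose or expired token.
function verifyToken(secret, token, purpose, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(secret, payload);
  const given = Buffer.from(mac, "base64url");
  // Compare lengths first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (claims.purpose !== purpose || typeof claims.exp !== "number") return null;
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// Transport-agnostic delivery: the caller decides how the token reaches the user.
function requestPasswordReset(secret, userId, sendResetEmail, now = Date.now()) {
  const token = issueToken(secret, { userId, purpose: "password-reset", ttlSeconds: 900 }, now);
  sendResetEmail({ userId, token });
  return token;
}
```

A stateless HMAC token like this stays valid until `exp`; making it single-use requires server-side state, such as recording redemption.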