Implement password reset token APIs

## Description

Implement APIs to initiate and complete password reset
using secure, single-use reset tokens.

## Endpoints
- POST `/auth/forgot-password`
OR
- POST `/auth/reset-password`

## Acceptance Criteria
- Secure reset token is generated and stored hashed
- Token expiration is enforced
- Password history rules are applied