Add password change functionality

- Add POST /api/auth/password API endpoint
  - Requires authentication and current password verification
  - Invalidates all other sessions after password change
  - Keeps current session active

- Add window.changePassword() console function
  - Matches existing login flow pattern
  - Usage: changePassword("current", "new")

- Add 'lookbook set-password' CLI command
  - Interactive password reset (no current password required)
  - Useful for recovery scenarios
  - Invalidates all sessions

- Add session.QDeleteAllExcept() and session.QDeleteAll()
  - Support for invalidating sessions after password change

internal/data/session/queries.go

@@ -71,3 +71,17 @@ func QDeleteExpired(ctx context.Context, db *sql.DB) error {
 	_, err := db.ExecContext(ctx, query)
 	return err
 }
+
+// QDeleteAllExcept deletes all sessions except the one with the given session ID.
+func QDeleteAllExcept(ctx context.Context, db *sql.DB, exceptSessionID string) error {
+	query := `DELETE FROM session WHERE session_id != $1`
+	_, err := db.ExecContext(ctx, query, exceptSessionID)
+	return err
+}
+
+// QDeleteAll deletes all sessions.
+func QDeleteAll(ctx context.Context, db *sql.DB) error {
+	query := `DELETE FROM session`
+	_, err := db.ExecContext(ctx, query)
+	return err
+}