added forgot password #218

Merged
ahmadogo merged 3 commits into MentoNest:main from Nabeelahh:feature/implement-forgot-password
Feb 23, 2026

@Nabeelahh (Contributor) commented Feb 22, 2026

closes #187

This PR implements a complete forgot password flow using OTP-based verification. It leverages the existing Mail Service to send 6-digit OTPs and adds secure password reset functionality with proper validation and expiration handling.

DTOs Added

  • ForgotPasswordDto - accepts user email
  • VerifyOtpDto - validates email + OTP combination
  • ResetPasswordDto - completes flow with new password

Service Layer Updates (auth.service.ts)

  • forgotPassword: Initiates flow by delegating to mailService.sendOtpEmail
  • verifyOtp: Validates OTP against repository/cache without exposing sensitive data
  • resetPassword:
    • Verifies OTP validity
    • Hashes new password using bcrypt
    • Updates user password
    • Invalidates used OTP (one-time use enforcement)

Security Features

  • OTP expires after 10 minutes (matches existing Mail Service TTL)
  • One-time use enforced - OTP invalidated after successful reset
  • No sensitive data exposed in error messages
  • Password properly hashed before storage

Added comprehensive unit tests:

  • OTP request delegates correctly to mail service
  • OTP verification (success, invalid OTP, expired scenarios)
  • Password reset with hash verification and OTP invalidation
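
Added example, not code from this PR or the MentoNest repository: a minimal sketch of the OTP lifecycle the description lists (10-minute expiry, one-time use, a single generic error message, hashing before storage). `OtpStore`, `resetPassword`, the injected `hash` function standing in for bcrypt, the constant-time comparison and the attempt cap are assumptions of this example.

```typescript
// Added illustration, not the PR's code; every name below is hypothetical.
const OTP_TTL_MS = 10 * 60 * 1000; // 10-minute expiry stated in the PR
const MAX_ATTEMPTS = 5; // assumption: an attempt cap is not described in the PR
interface OtpEntry { code: string; expiresAt: number; attempts: number }

// Compare every position so timing does not reveal where the guess diverges.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++)
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

class OtpStore {
  private entries = new Map<string, OtpEntry>();
  private now: () => number;
  constructor(now: () => number = () => Date.now()) { this.now = now; }
  // A new request replaces any earlier code for the same address.
  issue(email: string, code: string): void {
    this.entries.set(email.toLowerCase(), { code, expiresAt: this.now() + OTP_TTL_MS, attempts: 0 });
  }

  // Verify step: does not invalidate a correct code, but counts wrong guesses.
  verify(email: string, code: string): boolean {
    const key = email.toLowerCase();
    const entry = this.entries.get(key);
    if (!entry) return false;
    if (this.now() >= entry.expiresAt || entry.attempts >= MAX_ATTEMPTS) {
      this.entries.delete(key); // expired or guessed too often: drop it
      return false;
    }
    if (constantTimeEqual(entry.code, code)) return true;
    entry.attempts++;
    return false;
  }

  // Reset step: check and invalidate together so the code cannot be replayed.
  consume(email: string, code: string): boolean {
    return this.verify(email, code) && this.entries.delete(email.toLowerCase());
  }
}

// `hash` stands in for bcrypt; `users` stands in for the user repository.
function resetPassword(store: OtpStore, users: Map<string, string>, hash: (pw: string) => string,
                       email: string, code: string, newPassword: string): string {
  // One message for unknown address, wrong, expired and already-used codes.
  if (!store.consume(email, code)) return "Invalid or expired OTP";
  users.set(email.toLowerCase(), hash(newPassword));
  return "Password updated";
}
```

The clock is injected so that expiry can be exercised in a unit test without waiting ten minutes.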

@Nabeelahh (Contributor, Author)

Screenshot 2026-02-22 153604

@ahmadogo ahmadogo merged commit 9b1230b into MentoNest:main Feb 23, 2026

Development

Successfully merging this pull request may close these issues.

Implement Forgot Password (Use Existing Mail & OTP Logic)