feat: Armarium v1.1.0 — dashboard, auth, 2FA, SMTP, settings, deploy

Dashboard:
- ApexCharts bar chart (income vs fixed costs vs expenses) and donut chart
- KPI cards: income, fixed costs, savings rate with configurable goal
- Greeting with time-of-day and locale-aware date/time display

Authentication & security:
- Email-based login (no username), case-insensitive lookup
- JWT access/refresh tokens with rotation and blacklist
- TOTP 2FA with QR code, backup codes (copy + PDF export)
- 2FA recovery via email code
- Cloudflare Turnstile CAPTCHA on login and register

Email flows:
- Email verification on registration (24h token)
- Password reset flow (15min token, anti-enumeration)
- Brevo SMTP integration with HTML + plaintext email templates
- Notification emails: 2FA recovery, password changed, email changed

Settings page:
- 2FA management (enable/disable, QR, backup codes)
- Active sessions list with per-device revoke
- Data export: ZIP with 6 PDFs via fpdf2
- Notification preferences (3 toggles)
- Danger zone: account deletion with mandatory export + confirmation phrase

UI & layout:
- Sidebar with collapsible/flyout mode, Angular signal-based dropdowns
- Dark mode (class-based), language switcher (DE/FR/IT/EN)
- Mobile-responsive layout with touch-friendly targets
- Roboto font via @fontsource (GDPR-compliant, no Google CDN)
- Pure Tailwind CSS v3

Infrastructure:
- Forgejo Actions CI/CD pipeline (auto-deploy on push to main)
- Gunicorn + Nginx + PostgreSQL production setup
- Rate limiting, HSTS, secure cookies, CSRF protection

frontend/src/app/auth/reset-password/reset-password.ts

@@ -0,0 +1,70 @@
+import { Component, OnInit, signal } from '@angular/core';
+import { FormsModule } from '@angular/forms';
+import { RouterModule, ActivatedRoute, Router } from '@angular/router';
+import { TranslateModule } from '@ngx-translate/core';
+import { ApiService } from '../../services/api';
+import { LanguageService } from '../../services/language';
+import { ThemeService } from '../../services/theme';
+import { LangSwitcher } from '../lang-switcher/lang-switcher';
+
+@Component({
+  selector: 'app-reset-password',
+  standalone: true,
+  imports: [FormsModule, RouterModule, TranslateModule, LangSwitcher],
+  templateUrl: './reset-password.html',
+})
+export class ResetPassword implements OnInit {
+  password = '';
+  confirmPassword = '';
+  showPassword = signal(false);
+  showConfirmPassword = signal(false);
+  loading = signal(false);
+  success = signal(false);
+  error = signal('');
+  private token = '';
+
+  constructor(
+    private api: ApiService,
+    private route: ActivatedRoute,
+    private router: Router,
+    private langService: LanguageService,
+    public themeService: ThemeService,
+  ) {
+    this.langService.init();
+  }
+
+  ngOnInit(): void {
+    this.token = this.route.snapshot.queryParamMap.get('token') ?? '';
+    if (!this.token) {
+      this.error.set('auth.errors.token_missing');
+    }
+  }
+
+  submit(): void {
+    this.error.set('');
+    if (!this.password || !this.confirmPassword) {
+      this.error.set('auth.errors.fields_required');
+      return;
+    }
+    if (this.password !== this.confirmPassword) {
+      this.error.set('auth.errors.passwords_mismatch');
+      return;
+    }
+    if (this.password.length < 8) {
+      this.error.set('auth.errors.password_too_short');
+      return;
+    }
+    this.loading.set(true);
+    this.api.confirmPasswordReset(this.token, this.password).subscribe({
+      next: () => {
+        this.success.set(true);
+        this.loading.set(false);
+        setTimeout(() => this.router.navigate(['/login']), 3000);
+      },
+      error: () => {
+        this.error.set('auth.errors.reset_failed');
+        this.loading.set(false);
+      },
+    });
+  }
+}