Introduce an injectable abstraction over password_hash and
password_verify so callers can be swapped for a fast fake in tests
without paying bcrypt's CPU cost. The bcrypt implementation is a
direct passthrough using PASSWORD_DEFAULT, matching the prior inline
behavior, so existing stored hashes continue to verify.
Wired into the DI container alongside the other auth primitives
(Clock, TokenGenerator). No callers reference it yet, so production
behavior is unchanged.
