test: add failing authenticate user test

Red phase: write AuthenticateUserTest with cases for valid credentials, empty email/password (null and empty string), unknown email, wrong password, and fresh instance guarantee. Fakes included.

backend/tests/Fakes/FakePasswordHasher.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace Tests\Fakes;
+
+use App\Auth\PasswordHasher;
+
+class FakePasswordHasher implements PasswordHasher
+{
+    public function hash(string $password): string
+    {
+        return 'hashed:'.$password;
+    }
+
+    public function verify(string $password, string $hash): bool
+    {
+        return $this->hash($password) === $hash;
+    }
+}