Adds POST /admin/posts/feature, POST /admin/posts/unfeature
(both auth-required, admin-checked inside controller via the
use case's ForbiddenException), and public GET /posts/featured.
Post serialization now includes featureSlot.
Wires PostController (recent, show, create, delete, listByUser)
and CommentController (listForPost, create, delete) to the
existing use cases. Posts and comments expose author display
names alongside user IDs. CommentRepository binding added to
RepositoryServiceProvider.
Wires AuthController (signup, confirmEmail, login, me, logout)
to the existing auth use cases. Routes mounted under /api with
AuthMiddleware on logout/me. RepositoryServiceProvider gains
EmailConfirmationToken and Post bindings; AppServiceProvider
binds the Emailer/EmailFactory and constructs SignupUser with
the configured from-address.
removed app/Models/User.php (laravel auth model - tide authors a
ddd User entity in app/User/), app/Http/Controllers/Controller.php
(controllers live flat in app/Controllers/ per youngstartup), and
all three 0001_01_01_* migrations (default users schema, cache,
jobs - tide writes its own users migration with is_admin and
password_hash). routes/api.php stripped of the sanctum-bound
/user demo route - left as an empty stub for incoming domains.
