Refactor: Extract access_token from UserResponseDto into dedicated AuthResponseDto #19

@coderabbitai

Background

As discussed in PR #18, the access_token field currently lives in the generic UserResponseDto class, but it's an authentication-session concern that doesn't belong in a general user response DTO.

Problem

Any endpoint that returns UserResponseDto without performing authentication (e.g., profile fetch, user listing) will have access_token: undefined at runtime while the type declares it as string. This also widens the attack surface by potentially serializing tokens in unexpected contexts.

Proposed Solution

Create a dedicated AuthResponseDto that extends UserResponseDto and adds the access_token field. Update authentication endpoints to return this specialized DTO instead.
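A sketch of the split proposed above, added here as an illustration and not taken from the repository or from PR #18. The user fields (`id`, `email`, `name`, `passwordHash`), the `getProfile` and `login` handlers, and the `serializedKeys` helper are assumptions, since the issue does not show the existing DTO's properties or controllers.

```typescript
// Assumed user shape; the issue does not list UserResponseDto's properties.
interface UserRecord {
  id: number;
  email: string;
  name: string;
  passwordHash: string; // internal, must never be serialized
}
type PublicUserFields = Pick<UserRecord, "id" | "email" | "name">;

class UserResponseDto {
  readonly id: number;
  readonly email: string;
  readonly name: string;
  constructor(user: PublicUserFields) {
    // Allow-list copy: only the fields named here can reach the response.
    this.id = user.id;
    this.email = user.email;
    this.name = user.name;
  }
}

// Returned only by endpoints that actually authenticate.
class AuthResponseDto extends UserResponseDto {
  readonly access_token: string;
  constructor(user: PublicUserFields, accessToken: string) {
    super(user);
    if (accessToken.length === 0) {
      throw new Error("AuthResponseDto requires a non-empty access_token");
    }
    this.access_token = accessToken;
  }
}

// Hypothetical handlers standing in for the real controllers.
function getProfile(user: UserRecord): UserResponseDto {
  return new UserResponseDto(user);
}
function login(user: UserRecord, issuedToken: string): AuthResponseDto {
  return new AuthResponseDto(user, issuedToken);
}

// Keys that would actually appear in the JSON response body.
function serializedKeys(dto: UserResponseDto): string[] {
  return Object.keys(JSON.parse(JSON.stringify(dto))).sort();
}

// Constructed sample data.
const sampleUser: UserRecord = { id: 7, email: "ada@example.test", name: "Ada", passwordHash: "x" };
```

Because `AuthResponseDto` is assignable to `UserResponseDto`, the type split alone does not stop a non-auth handler from returning the subclass; rebuilding the response through the allow-list constructor (`new UserResponseDto(dto)`) is what guarantees the token is dropped.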