[Backend] Remove legacy mock wallet authentication

[Kaylahray]

Description

The login and register handlers still implement mock wallet signature verification, even though the app also contains a challenge and verify flow.

User Story

As a wallet user,
I want to authenticate with a real signed challenge,
so that my session is issued from a verifiable Stellar proof.

Requirements and Context

• Files: app/app/(auth)/login/route.ts, app/app/(auth)/register/route.ts, app/app/api/auth/challenge/route.ts, app/app/api/auth/verify/route.ts
• Remove or fully retire the legacy mock signature verification path
• Make the challenge/verify flow the canonical login path
• Keep replay protection and nonce verification intact

Suggested Implementation

// AUTH REFACTOR
// 1. Issue a challenge nonce.
// 2. Verify the signed challenge with Stellar tooling.
// 3. Create or fetch the user record.
// 4. Mint the session token only after verification succeeds.

Acceptance Criteria

• Legacy mock signature verification is no longer used in production flows.
• Challenge replay attacks remain blocked.
• Login and registration share the same secure verification model.

Submission Guidelines

• Branch: feat/remove-mock-wallet-auth
• Depends on: SEP-10 verification flow
• PR: feat(backend): retire mock wallet auth and unify challenge verification

[morapay-app]

@morapay-app has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I’d like to work on this issue because it removes insecure legacy authentication logic and unifies login/registration around a proper signed challenge flow.

I can fully retire the mock wallet signature verification, make the challenge/verify (SEP-10-style) flow the single source of truth, and ensure replay protection and nonce validation remain intact while keeping session issuance consistent and secure.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @morapay-app to this issue.