Cognito merge

[wyatthunter2102-wq]

Cognito Authentication + Location-Based Refactor
Summary
This PR integrates AWS Cognito authentication and finalizes our location-scoped multi-tenant structure.

The app now:
Uses Cognito for login/logout
Hydrates DB user after login
Persists active location
Scopes data to selected location
Implements invite-based onboarding

Authentication:

Cognito Integration:
Replaced legacy login logic
Added PostLogin bootstrap page
Hydrates user + accessible locations
Redirects based on role and access

Invite Flow:
Admin/Manager can invite a user for a specific location
Token-based activation link:/account/setup?token=...
Invitee sets password and activates account
Redirects to login after activation

Location State:
Implemented centralized LocationState service:
Stores accessible locations
Persists active location in localStorage
Triggers refresh on location change
Pages subscribe to OnChange

Location-Scoped Data:
Implemented pattern (same as RecipeList):
RecipeList loads by active location
Page refreshes automatically when location changes

UI / Layout Updates:
Updated layouts for public vs authenticated views
Added Location selector
Updated Profile dropdown + logout
Role-based navigation
No-access handling

Major Areas Touched

Services:
LocationState
UserContextService
CognitoProvisioningService
AuthService
UserService

Routing / Layout:
App
Routes
MainLayout
NavMenu
PublicLayout

Pages:
SignIn
PostLogin
InviteSignUp
AccountSetup
RecipeList
UserList
Settings pages
Admin / Manager views

Security Note:
No secrets committed.
Cognito credentials and DB credentials are stored via environment variables or local secrets.

[wyatthunter2102-wq]

Ready to merge