Add quick signup and profile update endpoint

[rxmox]

Summary

• Upgrade guest join flow to create a real User account with authProvider: 'guest', returning a JWT so guests can access protected routes and complete their profile later
• Add PUT /api/users/:userId endpoint for profile updates (name, email, password, bio, profilePhoto, socialLinks)
• Guest users are upgraded to authProvider: 'local' when they set a password
• Update User model: email now optional with sparse index, add 'guest' auth provider, add bio and socialLinks fields

Changes

• src/models/user_model.ts: Email optional + sparse, added 'guest' to authProvider enum, added bio and socialLinks (linkedin, github, other) fields
• src/controllers/event_controller.ts: joinEventAsGuest now creates a User record and returns userId + token in response
• src/controllers/user_controller.ts: Added updateUser controller with authorization check (self-only), email validation, password hashing, and guest-to-local upgrade
• src/routes/user_route.ts: Added PUT /:userId route with auth middleware

Testing done

All tests performed manually against local dev server (npm run dev):

#	Test	Result
1	Guest joins event → gets User account + JWT	userId and token returned, participant has non-null userId
2	Guest accesses GET /api/users/me with JWT	Returns user with authProvider: "guest", no email, event history tracked
3	Guest updates profile with email + password	authProvider upgraded to "local", email set, passwordChangedAt recorded
4	Login with upgraded credentials (POST /api/auth/login)	Login successful with new token
5	Unauthorized profile update (wrong userId)	403 "You can only update your own profile"
6	Duplicate name in same event	409 "This name is already taken in this event"
7	Update bio field	Saved and returned correctly
8	Update socialLinks (linkedin, github, other)	All three fields saved and returned
9	Update name	Saved correctly
10	Empty body on PUT	400 "No fields to update"
11	npm run build	Passes with no TypeScript errors