fix(socket): require authenticated realtime sessions#190

Open
saurabhhhcodes wants to merge 1 commit into chthonn:main from saurabhhhcodes:fix/socket-auth-handshake-145
Conversation

@saurabhhhcodes

Summary

  • require Socket.IO connections to present a valid JWT through the handshake auth token, x-auth-token header, or bearer authorization header
  • store the verified user id on the socket and reject get_userid / friend-request sender claims that do not match the authenticated user
  • update the frontend socket client to send the saved token and reconnect when login/logout updates the auth token
  • add a focused socket auth unit script for missing, invalid, auth-token, and bearer-token cases

Related Issue

Closes #145

Type of Change

  • Bug fix
  • Feature
  • Documentation
  • Refactor
  • Tooling / developer experience

Validation

  • cd server && node --check src/socket/index.js && node --check scripts/run-socket-auth-unit.mjs && npm run test:socket:auth
  • cd frontend && npm run lint
  • cd frontend && npm run build
  • git diff --check

Notes for Reviewers

There is an older stale PR #60 that attempted similar socket auth work against server/socket/index.js, but that path is not the active socket module on current main. This PR applies the fix to the live server/src/socket/index.js implementation referenced in #145 and keeps the frontend token wiring minimal.

@saurabhhhcodes saurabhhhcodes requested a review from chthonn as a code owner June 3, 2026 13:35
vercel Bot commented Jun 3, 2026

@saurabhhhcodes is attempting to deploy a commit to the Sunil Kumar's projects Team on Vercel.

A member of the Team first needs to authorize it.

Development

Successfully merging this pull request may close these issues.

[Bug]: WebSocket layer has zero authentication — complete user impersonation via socket events