feat(auth): add change password API and frontend page

Backend:
- Add ChangePasswordReq DTO with validation (current + new password)
- Add AuthService::change_password() method with credential verification,
  password rehash, and token revocation
- Add POST /api/v1/auth/change-password endpoint with utoipa annotation

Frontend:
- Add changePassword() API function in auth.ts
- Add ChangePassword.tsx page with form validation and confirmation
- Add "修改密码" tab in Settings page

After password change, all refresh tokens are revoked and the user
is redirected to the login page.

crates/erp-auth/src/module.rs

@@ -43,6 +43,10 @@ impl AuthModule {
     {
         Router::new()
             .route("/auth/logout", axum::routing::post(auth_handler::logout))
+            .route(
+                "/auth/change-password",
+                axum::routing::post(auth_handler::change_password),
+            )
             .route(
                 "/users",
                 axum::routing::get(user_handler::list_users).post(user_handler::create_user),