Add user names, team-scoped sandbox guard, and login robustness fixes

- Add name column to users (migration + sqlc regen); propagate through JWT
  claims, auth context, all auth/OAuth handlers, service layer, and frontend
- Sidebar and team page show name instead of email; team page splits Name/Email
  into separate columns
- Block sandbox creation in UI and API when user has no active team context
- loginTeam helper falls back to first active team when no default is set,
  fixing login for invited users with no is_default membership
- Exclude soft-deleted teams from GetDefaultTeamForUser, GetBYOCTeams queries
- Guard host creation against soft-deleted teams in service/host.go
- SwitchTeam re-fetches name from DB instead of trusting stale JWT claim
- Reset teams store on login so stale data from a previous session never persists
- Update openapi.yaml: add name to SignupRequest and AuthResponse schemas

frontend/src/routes/auth/github/callback/+page.svelte

@@ -2,6 +2,7 @@
 	import { goto } from '$app/navigation';
 	import { page } from '$app/stores';
 	import { auth } from '$lib/auth.svelte';
+	import { teams } from '$lib/teams.svelte';
 
 	const params = $page.url.searchParams;
 	const error = params.get('error');
@@ -13,9 +14,11 @@
 		const userId = params.get('user_id');
 		const teamId = params.get('team_id');
 		const email = params.get('email');
+		const name = params.get('name') ?? '';
 
 		if (token && userId && teamId && email) {
-			auth.login({ token, user_id: userId, team_id: teamId, email });
+			teams.reset();
+			auth.login({ token, user_id: userId, team_id: teamId, email, name });
 			goto('/dashboard');
 		} else {
 			goto('/login?error=missing_token');