Add user names, team-scoped sandbox guard, and login robustness fixes

- Add name column to users (migration + sqlc regen); propagate through JWT
  claims, auth context, all auth/OAuth handlers, service layer, and frontend
- Sidebar and team page show name instead of email; team page splits Name/Email
  into separate columns
- Block sandbox creation in UI and API when user has no active team context
- loginTeam helper falls back to first active team when no default is set,
  fixing login for invited users with no is_default membership
- Exclude soft-deleted teams from GetDefaultTeamForUser, GetBYOCTeams queries
- Guard host creation against soft-deleted teams in service/host.go
- SwitchTeam re-fetches name from DB instead of trusting stale JWT claim
- Reset teams store on login so stale data from a previous session never persists
- Update openapi.yaml: add name to SignupRequest and AuthResponse schemas

internal/api/openapi.yaml

@@ -1410,7 +1410,7 @@ components:
   schemas:
     SignupRequest:
       type: object
-      required: [email, password]
+      required: [email, password, name]
       properties:
         email:
           type: string
@@ -1418,6 +1418,9 @@ components:
         password:
           type: string
           minLength: 8
+        name:
+          type: string
+          maxLength: 100
 
     LoginRequest:
       type: object
@@ -1441,6 +1444,8 @@ components:
           type: string
         email:
           type: string
+        name:
+          type: string
 
     CreateAPIKeyRequest:
       type: object