feat(auth): return abilities in signin and token responses

## Description
Include CASL abilities in auth responses so the Vue frontend can consume them without dedicated policy files.

## Details
- `POST /api/auth/signin` response adds `abilities` array
- `GET /api/auth/token` response adds `abilities` array
- Abilities are built from user + current organization membership
- Format: `[{ action, subject, conditions }]` — compatible with `createMongoAbility()`

## Response example
```json
{
  "user": {
    "_id": "abc123",
    "firstName": "Pierre",
    "roles": ["user"],
    "currentOrganization": {
      "_id": "org456",
      "name": "Acme Inc",
      "slug": "acme-inc",
      "plan": "free"
    },
    "membership": {
      "role": "owner",
      "organizationId": "org456"
    }
  },
  "tokenExpiresIn": "...",
  "abilities": [
    { "action": "manage", "subject": "Task", "conditions": { "organizationId": "org456" } },
    { "action": "read", "subject": "Organization", "conditions": { "_id": "org456" } }
  ]
}
```

## Acceptance criteria
- [ ] Abilities included in signin response
- [ ] Abilities included in token refresh response
- [ ] Abilities format compatible with @casl/ability createMongoAbility

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(auth): return abilities in signin and token responses #3222

Description

Details

Response example

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

feat(auth): return abilities in signin and token responses #3222

Description

Description

Details

Response example

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions