Migrate /auth/demo to native auto-login

[harry-rhesis]

Summary

Rewrite the GET /auth/demo endpoint to use native authentication, automatically logging in the demo user without requiring password input.

Background / Context

The current /auth/demo route redirects to Auth0 with the demo email pre-filled. After Auth0 removal (#1289), this endpoint needs to work with the native auth system. The goal is a single-request demo login: accessing the endpoint should authenticate the demo user and return session tokens directly.

Deliverables

• Rewrite GET /auth/demo to look up the demo user by DEMO_USER_EMAIL, authenticate using DEMO_USER_PASSWORD, create session and refresh tokens, and redirect to the frontend with an auth code (same pattern as OAuth callback)
• Add DEMO_USER_PASSWORD environment variable for the demo user's password
• Guard the endpoint behind an environment flag (e.g., AUTH_DEMO_LOGIN_ENABLED, default false)
• Remove the Auth0 dependency (oauth.auth0.authorize_redirect, AUTH0_DOMAIN check) from the demo route

Acceptance Criteria

• GET /auth/demo auto-logs in the demo user without password input
• Endpoint uses DEMO_USER_EMAIL and DEMO_USER_PASSWORD env vars
• Endpoint is disabled by default and gated behind an env flag
• Returns proper session and refresh tokens
• Redirects to /dashboard after login
• No Auth0 dependencies remain in the demo route