Supersunday — Backend CRUD patch (final)

Adds:
- src/middleware/auth.js  (JWT guard)
- src/routes/auth.js      (POST /api/auth/login)
- src/routes/tournaments.js (GET list/one/related, POST create, POST add participant)
- src/routes/matches.js   (POST /api/matches/:id/score)
- src/db.js               (pg connection)
- src/index.js            (mount routes + /api/health)
- sql/schema.sql          (tables + indexes)

Install:
1) Unzip into ./backend
   unzip -o supersunday_backend_crud_patch.zip -d backend

2) Ensure backend/.env has:
   PORT=4000
   PGHOST=db
   PGUSER=postgres
   PGPASSWORD=postgres
   PGDATABASE=supersunday
   PGPORT=5432
   ADMIN_EMAIL=admin@supersunday.local
   ADMIN_PASSWORD=changeme
   JWT_SECRET=supersecret

3) Apply schema:
   docker compose cp backend/sql/schema.sql db:/tmp/schema.sql
   docker compose exec db psql -U postgres -d supersunday -f /tmp/schema.sql

4) Rebuild API:
   docker compose up -d --build api

Quick test:
- Login:
  curl -s http://localhost:4000/api/auth/login -H 'Content-Type: application/json'     -d '{"email":"admin@supersunday.local","password":"changeme"}'

- Create tournament:
  TOKEN=...; curl -s http://localhost:4000/api/tournaments -H "Authorization: Bearer $TOKEN"     -H 'Content-Type: application/json' -d '{"name":"Super Sunday #2","location":"PC","start_date":"2025-10-05"}'

- Add participant:
  curl -s http://localhost:4000/api/tournaments/1/participants -H "Authorization: Bearer $TOKEN"     -H 'Content-Type: application/json' -d '{"full_name":"Nouvel Joueur"}'

- Score match:
  curl -s http://localhost:4000/api/matches/1/score -H "Authorization: Bearer $TOKEN"     -H 'Content-Type: application/json' -d '{"score_a":6,"score_b":4,"done":true}'