Implement email verification on registration. Send a verification email containing a JWT (24-hour expiry). POST /api/auth/verify-email validates the token. Unverified users can log in but have limited access (they can't create runs). Add a resend-verification endpoint with rate limiting.
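
A sketch of the token half of this task, added here as an example and not taken from the project: an HS256 JWT built with the Python standard library, checked for signature, pinned algorithm, purpose, 24-hour expiry and a still-matching address. The `SECRET` value, the `purpose` claim, the function names and the `users` mapping (user id to current email, standing in for the user store) are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: server-side HMAC key, constructed here
TTL_SECONDS = 24 * 60 * 60         # the 24-hour expiry from the spec
PURPOSE = "email-verify"           # hypothetical claim that scopes the token

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, email, now=None):
    """Build an HS256 JWT bound to one user, one address and one purpose."""
    iat = int(time.time() if now is None else now)
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "email": email, "purpose": PURPOSE,
              "iat": iat, "exp": iat + TTL_SECONDS}
    body = b64(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def verify_token(token, users, now=None):
    """Return the user id to mark verified, or None. `users` maps id -> current email."""
    try:
        header, body, sig = token.split(".")
        # Check the MAC before parsing anything the client controls.
        if not hmac.compare_digest(sig, sign(header + "." + body)):
            return None
        if json.loads(unb64(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        claims = json.loads(unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None
    ts = time.time() if now is None else now
    if claims.get("purpose") != PURPOSE:   # a login or reset JWT must not verify email
        return None
    if not isinstance(claims.get("exp"), int) or ts >= claims["exp"]:
        return None
    sub = claims.get("sub")
    if sub not in users or users[sub] != claims.get("email"):  # address changed since issue
        return None
    return sub
```

The verify endpoint should return the same generic failure for every `None` case so the response does not reveal which check rejected the token.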