Secure verification
Passwordless email login using short-lived one-time codes and secure HttpOnly sessions.
Security: one-time codes are hashed before storage. Sessions use HttpOnly, Secure, SameSite cookies. Google button is staged until a Google OAuth client ID is configured.