Security improvements, role in user creation, todo filters fix

- Remove better-auth dependency (unused)
- Update JWT secrets to stronger values
- Add ENCRYPTION_SALT env variable for password encryption
- Add role field to createUserSchema validator
- Accept role from body in admin.controller createUser
- Fix todo filters: add priority filter, handle completed param
- Remove .env.example (merged into .env)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
richardtekula
2025-12-03 09:54:03 +01:00
parent ba11af5773
commit 109cae1167
33 changed files with 694 additions and 2648 deletions


@@ -70,9 +70,12 @@ export const encryptPassword = (text) => {
if (!process.env.JWT_SECRET) {
throw new Error('JWT_SECRET environment variable is required for password encryption');
}
if (!process.env.ENCRYPTION_SALT) {
throw new Error('ENCRYPTION_SALT environment variable is required for password encryption');
}
const algorithm = 'aes-256-gcm';
const key = crypto.scryptSync(process.env.JWT_SECRET, 'salt', 32);
const key = crypto.scryptSync(process.env.JWT_SECRET, process.env.ENCRYPTION_SALT, 32);
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv(algorithm, key, iv);
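Review bot: The AES key on the new line `const key = crypto.scryptSync(process.env.JWT_SECRET, process.env.ENCRYPTION_SALT, 32);` is still derived from JWT_SECRET, so the token-signing secret and the password-encryption key stand or fall together; deriving this key from a dedicated secret (a new environment variable, name to be chosen) would keep a leak or rotation of one from affecting the other. The same derivation is repeated in the decryptPassword hunk below, which continues past the end of this view, so any change applies to both. Because the two env checks and the scrypt derivation now run on every call, consider performing them once at module load (e.g. `const encryptionKey = crypto.scryptSync(...)` next to the algorithm constant) so that a missing variable fails at startup rather than on the first encrypt, provided the module is only imported after the environment is configured. With .env.example removed in this commit, the operational requirement for the new variable is otherwise undocumented; a comment above the check such as `// ENCRYPTION_SALT: random, at least 16 bytes, constant per deployment - changing it makes existing ciphertexts undecryptable` would preserve it. If the values encrypted here are users' own login passwords rather than credentials the service must later replay, a one-way hash would be the safer store; the function names alone do not settle which case this is.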
@@ -93,9 +96,12 @@ export const decryptPassword = (encryptedText) => {
if (!process.env.JWT_SECRET) {
throw new Error('JWT_SECRET environment variable is required for password decryption');
}
if (!process.env.ENCRYPTION_SALT) {
throw new Error('ENCRYPTION_SALT environment variable is required for password decryption');
}
const algorithm = 'aes-256-gcm';
const key = crypto.scryptSync(process.env.JWT_SECRET, 'salt', 32);
const key = crypto.scryptSync(process.env.JWT_SECRET, process.env.ENCRYPTION_SALT, 32);
const parts = encryptedText.split(':');
const iv = Buffer.from(parts[0], 'hex');