feat: Add internal chat system and network access support

- Add messages table schema with soft delete support
- Add message service, controller and routes
- Update CORS to allow local network IPs
- Update server to listen on 0.0.0.0
- Fix cookie sameSite for local network development

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/controllers/auth.controller.js

@@ -29,17 +29,18 @@ export const login = async (req, res, next) => {
     await logLogin(result.user.id, username, ipAddress, userAgent);
 
     // Nastav cookie s access tokenom (httpOnly, secure)
+    const isProduction = process.env.NODE_ENV === 'production';
     res.cookie('accessToken', result.tokens.accessToken, {
       httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
-      sameSite: 'strict',
+      secure: isProduction,
+      sameSite: isProduction ? 'strict' : 'lax',
       maxAge: 60 * 60 * 1000, // 1 hodina
     });
 
     res.cookie('refreshToken', result.tokens.refreshToken, {
       httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
-      sameSite: 'strict',
+      secure: isProduction,
+      sameSite: isProduction ? 'strict' : 'lax',
       maxAge: 7 * 24 * 60 * 60 * 1000, // 7 dní
     });