feat: tambah profil akun dan ganti password

Tambahkan halaman /dashboard/profile beserta API ganti password untuk user yang sedang login.
Rapikan AuthSeeder agar idempotent dan bisa ambil admin email/password dari env.

app/Modules/Auth/Controllers/AuthController.php

@@ -62,4 +62,41 @@ class AuthController extends BaseApiController
         }
         return $this->successResponse($user, 'Current user');
     }
+
+    /**
+     * POST /api/auth/change-password
+     * Body: { "current_password": "", "new_password": "" }
+     * User can only change their own password.
+     */
+    public function changePassword(): ResponseInterface
+    {
+        $user = $this->authService->currentUser();
+        if (!$user) {
+            return $this->errorResponse('Not authenticated', null, null, 401);
+        }
+
+        $input = $this->request->getJSON(true);
+        $currentPassword = $input['current_password'] ?? '';
+        $newPassword     = $input['new_password'] ?? '';
+
+        if ($currentPassword === '' || $newPassword === '') {
+            return $this->errorResponse('Current password and new password are required', null, null, 400);
+        }
+
+        if (strlen($newPassword) < 6) {
+            return $this->errorResponse('New password must be at least 6 characters', null, null, 400);
+        }
+
+        $ok = $this->authService->changePassword(
+            (int) $user['id'],
+            $currentPassword,
+            $newPassword
+        );
+
+        if (!$ok) {
+            return $this->errorResponse('Current password is incorrect', null, null, 400);
+        }
+
+        return $this->successResponse(null, 'Password changed successfully');
+    }
 }