test: add test suite with 65 tests, 73% coverage

- Unit tests: password hashing, notification providers, webhook field parsing
- Integration tests: auth routes (register/login/confirm-email/logout),
  invite flow, Evotor webhooks (/user/create, /user/verify, /user/token),
  admin panel (access control, activate/suspend/delete/reset-password)
- conftest: SQLite in-memory engine, transactional sessions, factory-boy
  factories (UserFactory with UserRoleEnum variants)
- Fix bcrypt: replace passlib (broken on Python 3.14 + bcrypt 5.x) with
  direct bcrypt calls; drop passlib from requirements.txt
- Fix datetime.utcnow() deprecation across routes and tests
- Fix Jinja2 TemplateResponse signature (request as first positional arg)
- Add coverage config to pyproject.toml

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

web/main.py

@@ -67,8 +67,7 @@ from fastapi.exception_handlers import http_exception_handler  # noqa: E402
 
 @app.exception_handler(403)
 async def forbidden_handler(request: Request, exc: HTTPException) -> HTMLResponse:
-    return templates.TemplateResponse("message.html", {
-        "request": request,
+    return templates.TemplateResponse(request, "message.html", {
         "user": None,
         "title": "Нет доступа",
         "message": "У вас недостаточно прав для просмотра этой страницы.",