fix: align auth login nonce and token expiry

[charlesedeh021-cell]

Summary

This PR fixes two assigned authentication issues in the wallet login flow.

Changes

• Moves auth challenge deletion until after Stellar signature verification succeeds.
• Keeps the challenge nonce valid when signature verification fails or throws, allowing the user to retry with the same challenge.
• Exposes the JWT expiry value from JwtService through expiresIn.
• Updates AuthController.login() to return the expiry from JwtService instead of hardcoding '7d'.
• Updates auth controller specs to assert that failed signature verification does not delete the nonce.
• Updates login response specs to assert that expiresIn matches the value exposed by JwtService.
• Adds a JWT service spec for the exposed expiry value.

Closes #91
Closes #92
Closes #89
Closes #90

Notes

The nonce is still deleted for expired challenges, but it is no longer deleted before signature verification. This preserves the one-time-use behavior for successful login while avoiding accidental or malicious challenge consumption on failed verification.

The JWT expiry remains 7d, but it now has a single source in JwtService, so future expiry changes will automatically be reflected in the login response.

Testing

Not run, per request.

I only ran git diff --check.

[drips-wave]

@charlesedeh021-cell Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits