fix(auth): force full reload after login to avoid cookie race

router.push('/') performs client-side navigation, which causes AppShell
to mount and fire /auth/me before the browser has committed the
Set-Cookie from the login response. The result was a 401 on the first
/auth/me, bouncing the user back to /login as if the credentials were
wrong; only after a couple of retries (and an eventual hard reload)
would the cookie be picked up and the dashboard load.

Switch to window.location.href = '/' so the browser performs a full
navigation. The cookie jar is guaranteed to be committed before the new
page loads, so the very first /auth/me succeeds.

frontend/app/login/page.tsx

@@ -1,14 +1,12 @@
 "use client";
 
 import { useState } from 'react';
-import { useRouter } from 'next/navigation';
 import api from '../../lib/api';
 
 export default function LoginPage() {
     const [username, setUsername] = useState('');
     const [password, setPassword] = useState('');
     const [error, setError] = useState('');
-    const router = useRouter();
 
     const handleLogin = async (e: React.FormEvent) => {
         e.preventDefault();
@@ -18,7 +16,7 @@ export default function LoginPage() {
             const response = await api.post('/auth/login', { username, password });
 
             if (response.data.access_token) {
-                router.push('/');
+                window.location.href = '/';
             } else {
                 setError('Login failed: No access token received.');
             }