Closed login timing oracle and password-change race condition
Two authentication hardening fixes.
The login endpoint previously took measurably less time to respond when the submitted email did not exist than when it existed with a wrong password. The two branches now run an equal-cost password hash, so response time no longer discloses whether an account is registered. Internal measurements put both branches at the same single-hash cost.
The change-password endpoint previously allowed two concurrent change requests for the same account to silently overwrite each other, with the last writer winning. The endpoint now uses an optimistic-locking update: the write only applies if the password hash read at the start of the request is still the stored value when the update commits. A losing concurrent request now returns HTTP 409 instead of completing silently, and the affected user is shown a clear retry message.
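The two fixes above, shown side by side with the shapes they replaced, as an added illustration that is not the product's own code. It assumes PBKDF2-HMAC-SHA256 as the password hash, an in-memory SQLite `users` table, one constructed account, and an `interleave` test hook that runs a second request between the read and the write so the race can be reproduced deterministically; a real handler would get the same interleaving from the scheduler.

```python
"""Equal-cost login check and optimistic-locking password change (illustrative)."""
import hashlib
import hmac
import os
import secrets
import sqlite3
import time

# Illustrative work factor; a real deployment picks its own parameters.
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return 'salthex$dkhex' using PBKDF2-HMAC-SHA256 with a random 16-byte salt."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


# A genuine hash of a random password, computed once at startup with the same
# parameters as real user hashes, so the "unknown account" branch pays the same
# single-hash cost as the "known account, wrong password" branch.
DUMMY_HASH = hash_password(secrets.token_hex(16))


def new_db(email, password):
    """In-memory user table seeded with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", (email, hash_password(password)))
    db.commit()
    return db


def fetch_hash(db, email):
    row = db.execute("SELECT password_hash FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None


def login_before(db, email, password):
    """Vulnerable shape: unknown accounts return before any hash is computed."""
    stored = fetch_hash(db, email)
    if stored is None:
        return False  # fast path, measurably quicker than the wrong-password path
    return verify_password(password, stored)


def login_after(db, email, password):
    """Hardened shape: exactly one hash verification on every path."""
    stored = fetch_hash(db, email)
    ok = verify_password(password, stored if stored is not None else DUMMY_HASH)
    return stored is not None and ok


def change_password_before(db, email, new_password):
    """Vulnerable shape: unconditional update, last writer wins silently."""
    db.execute("UPDATE users SET password_hash = ? WHERE email = ?",
               (hash_password(new_password), email))
    db.commit()
    return 200


def change_password_after(db, email, old_password, new_password, interleave=None):
    """Hardened shape: the UPDATE applies only if the hash read at the start of the
    request is still stored. `interleave` (test hook) runs another request between
    the read and the write to force the race."""
    seen = fetch_hash(db, email)
    if seen is None or not verify_password(old_password, seen):
        return 403
    if interleave is not None:
        interleave()
    cur = db.execute(
        "UPDATE users SET password_hash = ? WHERE email = ? AND password_hash = ?",
        (hash_password(new_password), email, seen))
    db.commit()
    return 200 if cur.rowcount == 1 else 409  # 0 rows: another request committed first


def simulate_race(email="alice@example.com", old="correct horse"):
    """Request A reads the hash, request B reads and commits, then A tries to commit.
    Returns (status_A, status_B, B_password_valid, A_password_valid)."""
    db = new_db(email, old)
    second = {}

    def request_b():
        second["status"] = change_password_after(db, email, old, "from-request-B")

    status_a = change_password_after(db, email, old, "from-request-A", interleave=request_b)
    return (status_a, second["status"],
            login_after(db, email, "from-request-B"), login_after(db, email, "from-request-A"))


def median_ms(fn, runs=7):
    samples = []
    for _ in range(runs):
        t0 = time.perf_counter()
        fn()
        samples.append((time.perf_counter() - t0) * 1000)
    return sorted(samples)[len(samples) // 2]


if __name__ == "__main__":
    db = new_db("alice@example.com", "correct horse")
    for name, fn in (("before", login_before), ("after", login_after)):
        known = median_ms(lambda: fn(db, "alice@example.com", "wrong"))
        unknown = median_ms(lambda: fn(db, "nobody@example.com", "wrong"))
        print(f"{name}: known account/wrong password {known:.1f} ms, unknown account {unknown:.1f} ms")
    print("race (A, B, B valid, A valid):", simulate_race())
```

Two caveats worth checking in any real deployment: the dummy hash must use the same algorithm and cost parameters as the stored hashes, otherwise accounts carrying legacy hashes with a different cost still leak through timing; and the conditional UPDATE must compare against the hash value the request actually read, not a value re-fetched just before the write, or the window the 409 is meant to close reopens.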
SaaS tenants are already patched. Self-hosted customers should upgrade to v1.10.10 or later.