feat(server): support access token (#13372)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced user access tokens, enabling users to generate, list, and
revoke personal access tokens via the GraphQL API.
* Added GraphQL mutations and queries for managing access tokens,
including token creation (with optional expiration), listing, and
revocation.
* Implemented authentication support for private API endpoints using
access tokens in addition to session cookies.

* **Bug Fixes**
  * None.

* **Tests**
* Added comprehensive tests for access token creation, listing,
revocation, expiration handling, and authentication using tokens.

* **Chores**
* Updated backend models, schema, and database migrations to support
access token functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

packages/backend/server/migrations/20250730104457_access_token/migration.sql

@@ -0,0 +1,20 @@
+-- CreateTable
+CREATE TABLE "access_tokens" (
+    "id" VARCHAR NOT NULL,
+    "name" VARCHAR NOT NULL,
+    "token" VARCHAR NOT NULL,
+    "user_id" VARCHAR NOT NULL,
+    "created_at" TIMESTAMPTZ(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "expires_at" TIMESTAMPTZ(3),
+
+    CONSTRAINT "access_tokens_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "access_tokens_token_key" ON "access_tokens"("token");
+
+-- CreateIndex
+CREATE INDEX "access_tokens_user_id_idx" ON "access_tokens"("user_id");
+
+-- AddForeignKey
+ALTER TABLE "access_tokens" ADD CONSTRAINT "access_tokens_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;