fix: JWT tokens expire instantly + double /api prefix in analytics

- Auth service used flat env var names (JWT_SECRET, JWT_ACCESS_EXPIRY_SECONDS)
  but @nestjs/config nests them under jwt.* — configService.get() returned
  undefined, so expiresIn was 0 and tokens expired on issue (iat === exp)
- JWT strategy had same bug for secretOrKey
- AnalyticsView passed /api/analytics/... to useApi which already prepends /api,
  resulting in /api/api/analytics/... (404)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

frontend/src/views/admin/AnalyticsView.vue

@@ -33,8 +33,8 @@ const loadAnalytics = async () => {
     const hours = rangeToHours(timeRange.value)
 
     const [summaryRes, timeseriesRes] = await Promise.all([
-      api.get<AnalyticsSummary>(`/api/analytics/summary?range=${hours}`),
-      api.get<TimeseriesData>(`/api/analytics/timeseries?range=${hours}&granularity=hourly`)
+      api.get<AnalyticsSummary>(`/analytics/summary?range=${hours}`),
+      api.get<TimeseriesData>(`/analytics/timeseries?range=${hours}&granularity=hourly`)
     ])
 
     summary.value = summaryRes