fix(api): propagate requestId for register and reset-password

Backend requires X-Request-Id header from the verification code send
response. Wire requestId through email/auth-extra API returns, register
and forgot-password pages, and auth API request headers.

lib/api/auth.ts

@@ -7,6 +7,7 @@ export type RegisterInput = {
   email: string
   password: string
   vcode?: string
+  requestId?: string
 }
 
 export type LoginInput = {
@@ -28,9 +29,13 @@ export async function register(input: RegisterInput): Promise<User> {
   if (!email) throwApiError(400, "请输入邮箱")
   if (!password || password.length < 6) throwApiError(400, "密码至少6位")
 
+  const headers: Record<string, string> = {}
+  if (input.requestId) headers["X-Request-Id"] = input.requestId
+
   const res = await httpJson<{ user: User }>("/api/v1/auth/register", {
     method: "POST",
     json: { username, email, password, vcode },
+    headers,
   })
   return res.user
 }
@@ -53,6 +58,7 @@ export async function resetPassword(input: {
   email: string
   vcode: string
   newPassword: string
+  requestId?: string
 }): Promise<void> {
   const email = input.email.trim()
   const vcode = input.vcode.trim()
@@ -62,8 +68,12 @@ export async function resetPassword(input: {
   if (!vcode) throwApiError(400, "请输入验证码")
   if (!newPassword || newPassword.length < 8) throwApiError(400, "密码至少8位")
 
+  const headers: Record<string, string> = {}
+  if (input.requestId) headers["X-Request-Id"] = input.requestId
+
   await httpJson<unknown>("/api/v1/auth/reset-password", {
     method: "POST",
     json: { email, vcode, newPassword },
+    headers,
   })
 }