fix: login response missing app_roles — platform nav not showing

LoginController used UserResource (returns `roles`) but the frontend
authStore.setUser() expects MeResponse format with `app_roles`. After
login, appRoles was set to undefined, making isSuperAdmin always false.
Combined with isInitialized staying true after the initial failed
/auth/me call, the correct /auth/me was never re-fetched after login.

Fix: use MeResource in LoginController (same as MeController) so the
login response includes app_roles, permissions, and portal_events.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

api/app/Http/Controllers/Api/V1/LoginController.php

@@ -7,7 +7,7 @@ namespace App\Http\Controllers\Api\V1;
 use App\Http\Controllers\Api\V1\Traits\SetAuthCookie;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Api\V1\LoginRequest;
-use App\Http\Resources\Api\V1\UserResource;
+use App\Http\Resources\Api\V1\MeResource;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
@@ -28,12 +28,18 @@ final class LoginController extends Controller
             return $this->unauthorized('Invalid credentials');
         }
 
-        $user = Auth::user()->load(['organisations', 'roles']);
+        $user = Auth::user()->load([
+            'organisations',
+            'roles',
+            'permissions',
+            'persons' => fn ($q) => $q->with(['event:id,name,slug,start_date,end_date,organisation_id', 'event.organisation:id,name']),
+        ]);
+
         $token = $user->createToken('auth-token')->plainTextToken;
         $cookieName = $this->resolveCookieName($request);
 
         return $this->success([
-            'user' => new UserResource($user),
+            'user' => new MeResource($user),
         ], 'Login successful')
             ->withCookie($this->makeAuthCookie($cookieName, $token));
     }