
fix: hash teacher passwords using Web Crypto API#109

Open

YLaxmikanth wants to merge 1 commit into rishima17:main from YLaxmikanth:fix/webcrypto-password-hashing-21

Conversation

@YLaxmikanth

Contributor

Related Issue

Closes #21

Summary

Replaced plain-text password storage with secure password hashing using the browser's Web Crypto API.

Changes Made

  • Added SHA-256 password hashing using the Web Crypto API.
  • Hash passwords before storing them during teacher registration.
  • Compare hashed passwords during login instead of plain-text strings.
  • Added automatic migration for existing plaintext passwords after successful authentication.
  • Updated authentication flow to support asynchronous password hashing.
  • Removed the bcrypt dependency, using the browser's built-in cryptography instead.

Security Improvements

  • Passwords are no longer stored in plain text.
  • Existing users are migrated automatically after a successful login.
  • No external hashing library is required.
  • Credentials stored in localStorage are no longer directly readable.

Testing

  • Verified new registrations store SHA-256 hashes.
  • Verified login succeeds using hashed passwords.
  • Verified legacy plaintext accounts migrate correctly.
  • Verified production build passes (npm run build).
  • Verified lint passes (npm run lint).

@vercel

vercel Bot commented Jun 28, 2026


@YLaxmikanth is attempting to deploy a commit to the Rishima's projects Team on Vercel.

A member of the Team first needs to authorize it.

@vishnukothakapu vishnukothakapu self-requested a review June 28, 2026 19:09
});
const [loading] = useState(false);

const hashPassword = async (password) => {

Collaborator


Thanks for addressing the plaintext password storage issue. The migration logic looks good, but I have one concern: using plain SHA-256 for password hashing isn't recommended for passwords, as it's designed to be fast and is vulnerable to brute-force attacks. A password hashing algorithm like bcrypt, Argon2, or PBKDF2 (available via the Web Crypto API) would provide much stronger protection. Please consider using one of these instead. Once updated, push the changes and mark this conversation as resolved.


Labels

bug (Something isn't working), Medium, SSoC26

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug] Passwords Stored in Plain Text in localStorage

2 participants