refactor(api): deduplicate shared auth request payloads into auth_entities.py

[corevibe555]

Part of #32385.

Summary

• Extract LoginPayloadBase (email + password fields) into services/entities/auth_entities.py as a shared base class
• Extract ForgotPasswordSendPayload, ForgotPasswordCheckPayload, ForgotPasswordResetPayload into the same shared module
• Web LoginPayload inherits base and adds password format validator; console LoginPayload inherits base and adds remember_me/invite_token fields
• Remove identical class definitions from controllers/web/login.py, controllers/console/auth/login.py, controllers/web/forgot_password.py, controllers/console/auth/forgot_password.py

Why this change

ForgotPasswordSendPayload, ForgotPasswordCheckPayload, and ForgotPasswordResetPayload were defined identically in both web/forgot_password.py and console/auth/forgot_password.py. LoginPayload shared the same email/password core across web/login.py and console/auth/login.py with minor field additions per controller.

Consolidating into services/entities/ follows Dify's existing pattern (services/entities/knowledge_entities/, services/entities/model_provider_entities.py) and ensures a single source of truth for auth request schemas.

Changes

• services/entities/auth_entities.py: New file — LoginPayloadBase, ForgotPasswordSendPayload, ForgotPasswordCheckPayload, ForgotPasswordResetPayload
• controllers/web/forgot_password.py: Remove 3 class definitions, import from shared module
• controllers/console/auth/forgot_password.py: Remove 3 class definitions, import from shared module
• controllers/web/login.py: LoginPayload extends LoginPayloadBase, adds password validator
• controllers/console/auth/login.py: LoginPayload extends LoginPayloadBase, adds remember_me/invite_token

Test plan

• ruff check passes

[github-actions]

Pyrefly Diff

No changes detected.

[github-actions]

Pyrefly Diff

No changes detected.