fix(auth) : use dedicated plainPassword field for password hashing

- Add non-persisted plainPassword field to User entity (write-only via API)
- Remove direct write access to password field
- Update UserPasswordHasherProcessor to hash from plainPassword
- Update frontend DTO and UserDrawer component

Ticket: T-009

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/Entity/User.php

@@ -61,9 +61,11 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     private array $roles = [];
 
     #[ORM\Column]
-    #[Groups(['user:write'])]
     private ?string $password = null;
 
+    #[Groups(['user:write'])]
+    private ?string $plainPassword = null;
+
     #[ORM\Column(type: Types::DATETIME_IMMUTABLE)]
     private ?DateTimeImmutable $createdAt = null;
 
@@ -224,5 +226,20 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
         return '/api/users/'.$this->id.'/avatar';
     }
 
-    public function eraseCredentials(): void {}
+    public function getPlainPassword(): ?string
+    {
+        return $this->plainPassword;
+    }
+
+    public function setPlainPassword(?string $plainPassword): static
+    {
+        $this->plainPassword = $plainPassword;
+
+        return $this;
+    }
+
+    public function eraseCredentials(): void
+    {
+        $this->plainPassword = null;
+    }
 }