test(pitch-deck): vitest setup + tests for auth + admin-auth + rate-limit

Adds vitest with 36 tests covering the security primitives:

- lib/auth: token gen uniqueness, hashToken determinism, JWT roundtrip,
  validateAdminSecret bearer flow, getClientIp x-forwarded-for parsing
- lib/admin-auth: bcrypt hash uniqueness/verify, JWT roundtrip,
  audience claim isolation (admin JWT does not validate as investor JWT)
- lib/rate-limit: limit enforcement, key isolation, window reset via
  fake timers, preset config sanity

Pure-function coverage only — route handler integration tests would
need a test DB and are deferred.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

pitch-deck/package.json

@@ -6,7 +6,9 @@
     "dev": "next dev -p 3012",
     "build": "next build",
     "start": "next start -p 3012",
-    "admin:create": "tsx scripts/create-admin.ts"
+    "admin:create": "tsx scripts/create-admin.ts",
+    "test": "vitest run",
+    "test:watch": "vitest"
   },
   "dependencies": {
     "bcryptjs": "^3.0.3",
@@ -27,10 +29,12 @@
     "@types/pg": "^8.11.10",
     "@types/react": "^18.3.16",
     "@types/react-dom": "^18.3.5",
+    "@vitest/expect": "^4.1.2",
     "autoprefixer": "^10.4.20",
     "postcss": "^8.4.49",
     "tailwindcss": "^3.4.16",
     "tsx": "^4.21.0",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "vitest": "^4.1.2"
   }
 }