fix(security #5): remove plaintext logging of Emby auth response and user object

The full authResponse.data (containing AccessToken) and user object
were being logged via console.log → written to server.log on disk.
Replaced with a single safe log line showing only name and isAdmin.
2026-05-16 16:17:43 +01:00
parent 6675e5dcfe
commit 8f96a5f296
2 changed files with 1 additions and 3 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB


@@ -23,7 +23,6 @@ router.post('/login', async (req, res) => {
});
const authData = authResponse.data;
console.log(`[Auth] Emby auth response:`, JSON.stringify(authData));
// Get user info using the access token
const userResponse = await axios.get(`${EMBY_URL}/Users/${authData.User.Id || authData.User.id}`, {
@@ -33,8 +32,7 @@ router.post('/login', async (req, res) => {
});
const user = userResponse.data;
console.log(`[Auth] User info:`, JSON.stringify(user));
console.log(`[Auth] Login successful for user: ${user.Name}`);
console.log(`[Auth] Login successful for user: ${user.Name}, isAdmin: ${!!(user.Policy && user.Policy.IsAdministrator)}`);
// Set authentication cookie
// Note: token is intentionally excluded from the cookie — it is not needed client-side
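Review bot: The replacement log line in the second hunk still interpolates `user.Name` unescaped, so a name containing CR/LF would split into extra lines in server.log that look like separate `[Auth]` entries; writing `${JSON.stringify(user.Name)}` in place of `${user.Name}` keeps each login on one quoted line. Removing the two `JSON.stringify` dumps only stops new exposure: any AccessToken already written to server.log stays readable on disk, and presumably usable, until it is revoked on the Emby server and the log is rotated or purged, so the rollout should include that step. The `/login` handler starts and ends outside both hunks; if its error path logs the axios error object whole, the request headers and body attached to that object would reach the log the same way, which is not visible here and is worth checking.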