docs: update project docs and clean up redundant files

- PROGRESS.md: update to 2026-05-29 with security hardening (T-005),
  4-frontend architecture, AI provider refactoring, discovery features,
  landing page/referral/quota, desktop layout, admin AI management
- AGENTS.md: add AI provider list (Alibaba/NVIDIA, removed Claude/DeepL/Local),
  DB-driven config, CSRF/rate-limit/CORS notes, admin_ai reload quirk
- .env.example: sync with actual config, replace deprecated providers
  with current Sensenova/OpencodeGo/NVIDIA/Spark/Alibaba
- docs/PROJECT_STATUS.md: archive (fully superseded by PROGRESS.md)
- Remove generated JS files (_bing_search.js, _batch_search.js)
- Remove empty directories (data/corpus, data/models)
- Remove backend/.coverage (test artifact)
- Fix services/.gitignore to cover _bing_search.js
- Include pending AI provider DB admin feature (admin_ai, AIProvider model,
  AIProviders.vue, migration) and T-008 test report

backend/tests/test_auth_api.py

@@ -40,7 +40,7 @@ class TestAuthAPI:
     async def test_login_success(self, client: AsyncClient, test_user):
         response = await client.post(
             "/api/v1/auth/login",
-            data={
+            json={
                 "username": "13800138000",
                 "password": "test123456",
             },
@@ -54,7 +54,7 @@ class TestAuthAPI:
     async def test_login_wrong_password(self, client: AsyncClient, test_user):
         response = await client.post(
             "/api/v1/auth/login",
-            data={
+            json={
                 "username": "13800138000",
                 "password": "wrongpassword",
             },
@@ -64,7 +64,7 @@ class TestAuthAPI:
     async def test_login_nonexistent_user(self, client: AsyncClient):
         response = await client.post(
             "/api/v1/auth/login",
-            data={
+            json={
                 "username": "13999999999",
                 "password": "test123456",
             },