
fix: decouple share access from owner session state#1062

Open
aarushlohit wants to merge 1 commit into imDarshanGK:main from aarushlohit:fix/share-permissions-logout

Conversation

@aarushlohit


Description

Fix share permissions being incorrectly coupled to owner's session state.

Problem: SharedSnippet had no user_id — share creation was anonymous with no auth required. There was no ownership tracking, meaning shares couldn't be associated with their creator. More critically, the architecture didn't explicitly separate token-based share access from session state, making it fragile if downstream code introduced owner-session checks.

Solution:

  1. models.py — Added user_id (nullable FK → users.id) and owner relationship to SharedSnippet
  2. share.py — POST /share/ now requires authentication via Depends(get_current_user) and stores current_user.id; GET /share/{token} remains completely public — no auth dependency at all, ensuring share links work regardless of whether the owner is logged in
  3. schemas.py — Added user_id field to ShareRecord so API consumers know who created the share
  4. tests/test_share.py — Rewrote with 4 tests:
    • test_create_share_requires_auth — unauthenticated POST returns 401
    • test_create_and_fetch_share — full happy path with authenticated creation
    • test_share_accessible_after_owner_logout — key test: create share with auth, then fetch it without any auth headers → proves access is independent of owner session
    • test_expired_share_returns_404 — unchanged expiry behavior

Related Issue

Fixes #545

Type of change

  • Bug fix
  • New feature / enhancement
  • Documentation update
  • Test addition
  • Refactor

Checklist

  • I have read CONTRIBUTING.md
  • My branch is up to date with main
  • I have run pytest -v and all tests pass
  • I have not introduced duplicate issues or features
  • My PR title follows the format: feat/fix/docs/test: short description
  • I have added tests for new features (Level 2 and 3 issues)
  • No hardcoded secrets or API keys in my code
  • This PR is linked to a GSSoC 2026 issue

Test evidence

$ python -m pytest tests/test_share.py -v
============================= test session starts ==============================
platform linux -- Python 3.14.5, pytest-9.1.0, pluggy-1.6.0
rootdir: /home/aarush/Myoffice/OpenSource/GSSoc2026/AI-dev-assistant
configfile: pyproject.toml
plugins: asyncio-1.4.0, anyio-4.14.0
collecting ... collected 4 items

tests/test_share.py::test_create_share_requires_auth PASSED              [ 25%]
tests/test_share.py::test_create_and_fetch_share PASSED                  [ 50%]
tests/test_share.py::test_share_accessible_after_owner_logout PASSED     [ 75%]
tests/test_share.py::test_expired_share_returns_404 PASSED               [100%]

============================== 4 passed in 0.69s ==============================

$ python -m pytest tests/test_auth_endpoints.py -v
============================= test session starts ==============================
platform linux -- Python 3.14.5, pytest-9.1.0, pluggy-1.6.0
rootdir: /home/aarush/Myoffice/OpenSource/GSSoc2026/AI-dev-assistant
configfile: pyproject.toml
plugins: asyncio-1.4.0, anyio-4.14.0
collecting ... collected 4 items

tests/test_auth_endpoints.py::test_auth_routes_are_exposed_in_openapi PASSED [ 25%]
tests/test_auth_endpoints.py::test_signup_login_and_me_happy_path PASSED [ 50%]
tests/test_auth_endpoints.py::test_signup_duplicate_email_returns_409 PASSED [ 75%]
tests/test_auth_endpoints.py::test_me_rejects_missing_and_invalid_token PASSED [100%]

============================== 4 passed in 0.67s ==============================

- Add user_id FK to SharedSnippet model to track ownership
- Require authentication on POST /share/ (owner must be logged in to create)
- Keep GET /share/{token} public — accessible regardless of owner session
- Return user_id in ShareRecord response
- Add test for share accessible after owner logout
- Update existing tests for authenticated creation

Fixes imDarshanGK#545
@aarushlohit aarushlohit requested a review from imDarshanGK as a code owner June 17, 2026 14:49

@imDarshanGK imDarshanGK left a comment




Development

Successfully merging this pull request may close these issues.

Fix broken share permissions when user logs out
