Improve User model for production readiness (validation & security) #388

Description

@jikrana1

Problem

The current User schema (models/User.js) works functionally but has a few gaps
that should be fixed before production use, mainly around validation and
sensitive data exposure.

Proposed Improvements

  1. Email validation — add regex check so invalid emails can't be saved.
  2. Password exposure — add select: false to password field so it
    doesn't accidentally leak in API responses (e.g. User.find()).
  3. Reset token exposure — add select: false to resetPasswordToken and
    resetPasswordExpires since these are sensitive fields too.
  4. googleId / githubId uniqueness — add a sparse unique index so OAuth IDs
    stay unique without breaking local users who don't have these fields.
  5. Response sanitization — add a toJSON transform to automatically strip
    password, resetPasswordToken, resetPasswordExpires, and __v from any
    JSON response.
  6. Name field — add a reasonable maxlength for basic input sanity.

⚠️ Note for maintainer

Adding select: false to password is a small breaking change — any existing
code that does User.findOne({ email }) and then compares user.password will
need .select('+password') added in that query. I'm happy to update the auth
controller as part of this PR if needed.

Can I take this issue?

I'd like to work on this — please assign it to me if it looks good. I'll raise
a PR with the updated schema.
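
The six proposals above, sketched as the plain definition and options objects that would be passed to new mongoose.Schema(definition, options). This is an added example, not code from the issue author or the project's models/User.js; the EMAIL_RE pattern, the NAME_MAX value and the field types are assumptions, since the issue does not specify them.

```javascript
// Added example. Assumed values: EMAIL_RE, NAME_MAX and the field types.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // basic shape check only
const NAME_MAX = 50;

const SENSITIVE_KEYS = ['password', 'resetPasswordToken', 'resetPasswordExpires', '__v'];

// Mongoose calls a toJSON transform as (doc, ret): `ret` is the plain-object
// copy about to be serialized. Remove sensitive keys from it and return it.
function stripSensitive(doc, ret) {
  for (const key of SENSITIVE_KEYS) delete ret[key];
  return ret;
}

const userSchemaDefinition = {
  // 6. bounded name length
  name: { type: String, trim: true, maxlength: NAME_MAX },
  // 1. reject malformed addresses at save time
  email: { type: String, match: [EMAIL_RE, 'Invalid email address'] },
  // 2 and 3. excluded from query results unless asked for explicitly,
  // e.g. User.findOne({ email }).select('+password') in the login path
  password: { type: String, select: false },
  resetPasswordToken: { type: String, select: false },
  resetPasswordExpires: { type: Date, select: false },
  // 4. sparse + unique: only documents that HAVE the field are indexed.
  // A field stored as an explicit null is still indexed, so leave the
  // field unset for local users rather than writing null.
  googleId: { type: String, unique: true, sparse: true },
  githubId: { type: String, unique: true, sparse: true },
};

// 5. second layer: even a document loaded with .select('+password')
// serializes without the sensitive keys.
const userSchemaOptions = {
  toJSON: { transform: stripSensitive },
};

// Usage in the model file (requires mongoose, so not executed here):
//   const schema = new mongoose.Schema(userSchemaDefinition, userSchemaOptions);
//   module.exports = mongoose.model('User', schema);
```

The toJSON transform only runs on Mongoose documents, so results of .lean() queries bypass it; select: false is applied to the query projection and still holds for those.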
