
Self-hosted authentication: no working email verification flow #7

@ashwin47

The current authentication flow doesn't work well for self-hosting:

  1. SMTP not configured (SMTP_HOST blank): Users are auto-confirmed on signup. Anyone who can reach the instance can create an account with any email — no verification at all.

  2. SMTP configured (SMTP_HOST set): Signup generates a verification token and requires email verification to log in, but no email is ever actually sent. There are no mailers, no email templates, and no delivery mechanism. Users get stuck — they can't verify and can't log in.

So neither path gives a working, secure self-hosted setup.

Suggestion

Two possible approaches:

  1. ADMIN_EMAIL env var — auto-create and auto-confirm an admin account on first boot using this email. Keeps the setup simple and doesn't require any email infrastructure.

  2. API-based email providers — support providers like Resend or SES alongside SMTP, so self-hosters behind VPNs (where SMTP is often blocked) have a working email delivery option.
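One way to close both gaps described in this issue, as an added example in Python (not the project's own code): a signup decision that fails closed instead of auto-confirming or stranding users. `SignupDecision`, `decide_signup` and the `mailer_ready` flag are hypothetical names; `SMTP_HOST` and `ADMIN_EMAIL` are the variables named above, and treating `ADMIN_EMAIL` as the only address that may be auto-confirmed is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SignupDecision:
    allowed: bool
    auto_confirm: bool
    send_verification: bool
    reason: str


def decide_signup(env, email, user_count, mailer_ready):
    """Decide how to treat one signup attempt.

    env          -- mapping of environment variables (SMTP_HOST, ADMIN_EMAIL)
    email        -- address submitted on the signup form
    user_count   -- number of accounts that already exist
    mailer_ready -- hypothetical flag: True only if mail can really be delivered
    """
    smtp_host = (env.get("SMTP_HOST") or "").strip()
    admin_email = (env.get("ADMIN_EMAIL") or "").strip().lower()
    email = email.strip().lower()

    # Bootstrap: on an empty instance, only the operator-chosen address is
    # auto-confirmed; every other address is refused until the admin exists.
    if admin_email and user_count == 0:
        if email == admin_email:
            return SignupDecision(True, True, False, "admin bootstrap")
        return SignupDecision(False, False, False, "awaiting admin bootstrap")

    # Require verification only when the message can actually be delivered,
    # otherwise the user holds a token that never arrives (case 2 above).
    if smtp_host and mailer_ready:
        return SignupDecision(True, False, True, "verify by email")

    if smtp_host:
        return SignupDecision(False, False, False,
                              "SMTP_HOST set but no working mailer")

    # No mail delivery at all: refuse rather than auto-confirm (case 1 above).
    return SignupDecision(False, False, False,
                          "signups closed: no email delivery configured")


if __name__ == "__main__":
    # Constructed sample input: empty instance, operator set ADMIN_EMAIL.
    env = {"SMTP_HOST": "", "ADMIN_EMAIL": "admin@example.test"}
    for addr in ("admin@example.test", "stranger@example.test"):
        print(addr, decide_signup(env, addr, user_count=0, mailer_ready=False))
```
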
