Remove client-side SHA-256 pre-hashing from setup and login

The sha256Hex helper used window.crypto.subtle.digest(), which is only
available in a secure context (HTTPS / localhost). In the HTTP Docker
environment crypto.subtle is undefined, causing a TypeError before any
request is sent — the setup and login forms both silently failed with
'An unexpected error occurred'.

Fix: pass raw passwords directly to the API. The backend already applies
bcrypt, which is sufficient. No stored hashes need migration because
setup never completed successfully in the HTTP environment.

* frontend/src/pages/SetupPage.tsx  — remove sha256Hex call
* frontend/src/api/auth.ts          — remove sha256Hex call
* frontend/src/pages/__tests__/SetupPage.test.tsx — drop crypto mock
* frontend/src/utils/crypto.ts      — deleted (no remaining callers)

frontend/src/pages/__tests__/SetupPage.test.tsx

@@ -10,11 +10,6 @@ vi.mock("../../api/setup", () => ({
   submitSetup: vi.fn(),
 }));
 
-// Mock the crypto utility — we only need it to resolve without testing SHA256.
-vi.mock("../../utils/crypto", () => ({
-  sha256Hex: vi.fn().mockResolvedValue("hashed-password"),
-}));
-
 import { getSetupStatus } from "../../api/setup";
 
 const mockedGetSetupStatus = vi.mocked(getSetupStatus);