feat(story-1.4): user login with remember_me, inline error, logout

- Login Twig template: styled to match register page; inline "Incorrect email or
  password" on both fields (no email-existence disclosure); aria-invalid on error
- security.yaml: always_remember_me: true — REMEMBERME cookie set on every login
- Logout: /logout → session invalidated → 302 /login (Symfony firewall handles it)

Verified: correct creds → 302 / + REMEMBERME cookie; wrong creds → 302 /login +
          inline error on re-render; logout → 302 /login; GET / after logout → 302 /login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

config/packages/security.yaml

@@ -26,7 +26,7 @@ security:
             remember_me:
                 secret: '%kernel.secret%'
                 lifetime: 2592000  # 30 days
-                always_remember_me: false
+                always_remember_me: true
 
     role_hierarchy:
         ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]