Add SMS quote approval, fix Twilio credentials, fix passkey post-login redirect

- Add 'Send Quote via SMS' button on quote details page that sends the approval
  link to the customer via SMS (respects NotifyBySms, handles prospects via ProspectPhone)
- Reuses existing valid approval token rather than regenerating, so a previously
  emailed link stays valid when SMS is also sent
- Fix Twilio appsettings.json placeholders (real credentials moved to gitignored
  appsettings.Development.json)
- Fix passkey login ignoring ReturnUrl: biometric login on the login page now
  respects the form's ReturnUrl hidden field so QR-code and deep-link flows
  redirect correctly after authentication instead of always going to the dashboard

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/PowderCoating.Web/wwwroot/js/passkey.js

@@ -256,7 +256,11 @@ document.addEventListener('DOMContentLoaded', async () => {
         const result = await loginWithPasskey();
 
         if (result.success) {
-            window.location.href = result.redirectUrl || '/';
+            // Prefer the login page's ReturnUrl hidden field (set by the server to route
+            // through EnrollPrompt with the original destination) over the server's default
+            // dashboard redirect, so QR-code and deep-link flows land in the right place.
+            const formReturnUrl = document.querySelector('input[name="ReturnUrl"]')?.value;
+            window.location.href = formReturnUrl || result.redirectUrl || '/';
         } else if (!result.cancelled) {
             passkeyBtn.disabled = false;
             passkeyBtn.innerHTML = `<i class="bi bi-fingerprint"></i> ${label}`;