feat: mobile Login-Seite /mobile/login

- MobileLoginPage.tsx: touch-optimiertes Login-Formular
  - E-Mail + Passwort mit großen Touch-Targets (min-h-[52px])
  - TOTP-Flow: nach erstem Login automatisch 6-stelliges Code-Feld
  - Numerische Tastatur (inputMode=numeric) für TOTP-Eingabe
  - Fehlerbehandlung + Ladezustand
  - Link zur Desktop-Version
- MobilePage: Redirect zu /mobile/login statt /login
- App.tsx: Route /mobile/login registriert (kein Layout-Wrapper)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

DEVLOG.md

@@ -1017,3 +1017,80 @@ Keine Commits in dieser Session.
 - docs/deployment.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 ---
+## 2026-05-24 13:15 – 19:45 (6h 29m)
+**Beschreibung:** Claude Code Session
+**Projekt:** timemaster
+
+### Commits
+- 62c4e74 security: 9 Findings aus Security-Audit behoben (CRITICAL + HIGH + MEDIUM)
+
+### Geänderte Dateien
+- DEVLOG.md                                          | 63 ++++++++++++++++++++
+- backend/app/core/crypto.py                         | 42 +++++++++++++
+- backend/app/core/kiosk_security.py                 | 37 ++++++++----
+- backend/app/main.py                                | 18 ++++--
+- backend/app/models/ldap_config.py                  |  2 +-
+- backend/app/models/user.py                         |  2 +-
+- backend/app/routers/auth.py                        | 51 +++++++++++++---
+- backend/app/routers/import_kimai.py                | 17 +++++-
+- backend/app/routers/users.py                       | 20 ++++++-
+- backend/app/services/auth_service.py               | 13 ++++-
+- backend/app/services/caldav_service.py             | 17 ++++++
+- backend/migrations/versions/0026_security_fixes.py | 68 ++++++++++++++++++++++
+
+---
+## 2026-05-24 19:53 – 20:58 (1h 05m)
+**Beschreibung:** Claude Code Session
+**Projekt:** timemaster
+
+### Commits
+Keine Commits in dieser Session.
+
+### Geänderte Dateien
+- DEVLOG.md                                          | 63 ++++++++++++++++++++
+- backend/app/core/crypto.py                         | 42 +++++++++++++
+- backend/app/core/kiosk_security.py                 | 37 ++++++++----
+- backend/app/main.py                                | 18 ++++--
+- backend/app/models/ldap_config.py                  |  2 +-
+- backend/app/models/user.py                         |  2 +-
+- backend/app/routers/auth.py                        | 51 +++++++++++++---
+- backend/app/routers/import_kimai.py                | 17 +++++-
+- backend/app/routers/users.py                       | 20 ++++++-
+- backend/app/services/auth_service.py               | 13 ++++-
+- backend/app/services/caldav_service.py             | 17 ++++++
+- backend/migrations/versions/0026_security_fixes.py | 68 ++++++++++++++++++++++
+
+---
+## 2026-05-24 21:00 – 21:05 (5m)
+**Beschreibung:** Claude Code Session
+**Projekt:** timemaster
+
+### Commits
+Keine Commits in dieser Session.
+
+### Geänderte Dateien
+- DEVLOG.md                                          | 63 ++++++++++++++++++++
+- backend/app/core/crypto.py                         | 42 +++++++++++++
+- backend/app/core/kiosk_security.py                 | 37 ++++++++----
+- backend/app/main.py                                | 18 ++++--
+- backend/app/models/ldap_config.py                  |  2 +-
+- backend/app/models/user.py                         |  2 +-
+- backend/app/routers/auth.py                        | 51 +++++++++++++---
+- backend/app/routers/import_kimai.py                | 17 +++++-
+- backend/app/routers/users.py                       | 20 ++++++-
+- backend/app/services/auth_service.py               | 13 ++++-
+- backend/app/services/caldav_service.py             | 17 ++++++
+- backend/migrations/versions/0026_security_fixes.py | 68 ++++++++++++++++++++++
+
+---
+## 2026-05-24 21:09 – 21:12 (3m)
+**Beschreibung:** Claude Code Session
+**Projekt:** timemaster
+
+### Commits
+- 8a04525 fix: auto-refresh access token on 401 in API client
+
+### Geänderte Dateien
+- frontend/src/api/client.ts | 56 ++++++++++++++++++++++++++++++++++++++++++++++
+
+---