fix: cache auth session on locals to prevent cookies.set after response

The authorization hook already calls locals.auth() which can set cookies.
Layout server loads calling auth() again caused a race where cookies.set()
fired after the response started streaming. Now the hook stashes the session
on locals.session and all layouts reuse it.

src/hooks.server.ts

@@ -20,7 +20,8 @@ await dbConnect().then(() => {
 
 async function authorization({ event, resolve }: Parameters<Handle>[0]) {
 	const session = await event.locals.auth();
-	
+	event.locals.session = session;
+
 	// Protect rezepte routes
 	if (event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')) {
 		if (!session) {