feat: add complete Mayday iOS Xcode project

- Swift 6, SwiftUI, MVVM + async/await architecture
- iOS 17.0 minimum deployment target
- Two targets: Mayday app + MaydayLiveActivity widget extension
- Models: UserResponse, TokenPair, AppNotification, SessionResponse, AlertAttributes
- Services: HTTPClient (actor), AuthService, KeychainService, NotificationsAPIService, PushNotificationService
- ViewModels: AuthViewModel, NotificationsViewModel, SettingsViewModel
- Views: Login/Register/VerifyEmail, NotificationsList/Detail, Settings/ChangePassword/Sessions
- APNs push notifications with UIApplicationDelegate
- ActivityKit Live Activities for Dynamic Island + Lock Screen
- Keychain (Security framework) token storage
- 30-second polling with pagination for notifications
- Xcode project file (project.pbxproj) with correct build phases for both targets

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Mayday/ViewModels/AuthViewModel.swift

@@ -0,0 +1,89 @@
+import Foundation
+import SwiftUI
+
+@MainActor
+class AuthViewModel: ObservableObject {
+    @Published var isAuthenticated = false
+    @Published var currentUser: UserResponse?
+    @Published var isLoading = false
+    @Published var error: String?
+
+    private let auth = AuthService.shared
+    private let keychain = KeychainService.shared
+
+    func checkAuthStatus() async {
+        guard keychain.loadAccessToken() != nil else {
+            isAuthenticated = false
+            return
+        }
+        isLoading = true
+        defer { isLoading = false }
+        do {
+            currentUser = try await auth.getMe()
+            isAuthenticated = true
+            await requestPushIfNeeded()
+        } catch APIError.unauthorized {
+            isAuthenticated = false
+        } catch {
+            isAuthenticated = false
+        }
+    }
+
+    func login(email: String, password: String) async {
+        isLoading = true
+        error = nil
+        defer { isLoading = false }
+        do {
+            currentUser = try await auth.login(email: email, password: password)
+            isAuthenticated = true
+            await requestPushIfNeeded()
+        } catch {
+            self.error = error.localizedDescription
+        }
+    }
+
+    func register(email: String, password: String) async -> Bool {
+        isLoading = true
+        error = nil
+        defer { isLoading = false }
+        do {
+            _ = try await auth.register(email: email, password: password)
+            return true
+        } catch {
+            self.error = error.localizedDescription
+            return false
+        }
+    }
+
+    func verifyEmail(email: String, code: String) async {
+        isLoading = true
+        error = nil
+        defer { isLoading = false }
+        do {
+            _ = try await auth.verifyEmail(email: email, code: code)
+            // Auto-login after verification is handled by calling login from view
+        } catch {
+            self.error = error.localizedDescription
+        }
+    }
+
+    func logout() async {
+        isLoading = true
+        defer { isLoading = false }
+        do {
+            try await auth.logout()
+        } catch {
+            // Clear anyway
+            keychain.clearTokens()
+        }
+        isAuthenticated = false
+        currentUser = nil
+    }
+
+    private func requestPushIfNeeded() async {
+        let granted = await PushNotificationService.shared.requestPermission()
+        if granted {
+            PushNotificationService.shared.registerForRemoteNotifications()
+        }
+    }
+}