fix: Remove client-side auth from ProtectedRoute causing redirect loops

- Disabled client-side auth checks in ProtectedRoute component
- Added server-side auth to onboarding/organization.astro
- ProtectedRoute now acts as simple wrapper, auth handled server-side
- Resolves setup screen → home redirect loop issue

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/pages/onboarding/organization.astro

@@ -1,6 +1,16 @@
 ---
 import SecureLayout from '../../layouts/SecureLayout.astro';
 import ProtectedRoute from '../../components/ProtectedRoute.astro';
+import { verifyAuth } from '../../lib/auth-unified';
+
+// Enable server-side rendering for auth checks
+export const prerender = false;
+
+// Server-side authentication check
+const auth = await verifyAuth(Astro.cookies);
+if (!auth) {
+  return Astro.redirect('/login');
+}
 ---
 
 <ProtectedRoute>