refactor: odstraneni PSR-1 SideEffects warningu

- Handler funkce extrahovany z API souboru do api/admin/handlers/
- config.php rozdeleny na helpers.php (funkce) a constants.php (konstanty)
- require_once odstranen z class souboru (AuditLog, JWTAuth, LeaveNotification)
- vendor/autoload.php presunuto do config.php bootstrap
- totp-handlers.php: pridany use deklarace pro TwoFactorAuth
- phpstan.neon: bootstrapFiles, scanDirectories, dynamicConstantNames
- Opraveny chybejici routing bloky v totp.php a session.php

Vysledek: phpcs 0 errors 0 warnings, PHPStan 0 errors, ESLint 0 errors

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

api/admin/session.php

@@ -26,6 +26,7 @@ declare(strict_types=1);
 require_once dirname(__DIR__) . '/config.php';
 require_once dirname(__DIR__) . '/includes/JWTAuth.php';
 require_once dirname(__DIR__) . '/includes/RateLimiter.php';
+require_once __DIR__ . '/handlers/session-handlers.php';
 
 setCorsHeaders();
 setSecurityHeaders();
@@ -48,24 +49,6 @@ if (!in_array($_SERVER['REQUEST_METHOD'], ['GET', 'POST'])) {
     errorResponse('Metoda není povolena', 405);
 }
 
-/** @return array<string, mixed> */
-function get2FAInfo(PDO $pdo, int $userId): array
-{
-    try {
-        $stmt = $pdo->prepare("SELECT totp_enabled FROM users WHERE id = ?");
-        $stmt->execute([$userId]);
-        $row = $stmt->fetch();
-
-        $r2fa = $pdo->query("SELECT require_2fa FROM company_settings LIMIT 1");
-        return [
-            'totp_enabled' => (bool) ($row['totp_enabled'] ?? false),
-            'require_2fa' => (bool) $r2fa->fetchColumn(),
-        ];
-    } catch (PDOException $e) {
-        return ['totp_enabled' => false, 'require_2fa' => false];
-    }
-}
-
 $authData = JWTAuth::optionalAuth();
 
 if ($authData) {