docs(auth): add password security hardening plan and code markers

mongoDB.js

@@ -41,6 +41,10 @@ const getDB = new Promise((resolve, reject) => {
         DB.usersCol = db.db(DBName).collection("users");
         DB.tokensCol = db.db(DBName).collection("tokens");
         DB.invitationCol = db.db(DBName).collection("invitation");
+        // SECURITY PLAN (point #1):
+        // Add password reset token collection + TTL index, e.g.:
+        // DB.passwordResetTokensCol = db.db(DBName).collection("password_reset_tokens");
+        // DB.passwordResetTokensCol.createIndex({ expiresAt: 1 }, { expireAfterSeconds: 0 });
     
         DB.checkSessionOnDB = async (session_id, user_sid)=>{
             const temp_id = new mongo.ObjectID(session_id);