fix: Switch to @supabase/ssr for browser client

- Use createBrowserClient from @supabase/ssr instead of supabase-js
- Stores auth session in cookies (not localStorage) for SSR compatibility
- Server actions can now access authenticated user sessions
- Fixes 'Nicht autorisiert' error in split creation

src/lib/supabase/client.ts

@@ -1,7 +1,6 @@
-import { createClient as createSupabaseClient } from '@supabase/supabase-js';
+import { createBrowserClient } from '@supabase/ssr';
 import type { SupabaseClient } from '@supabase/supabase-js';
 
-// Use globalThis to persist across HMR reloads in development
 const globalForSupabase = globalThis as typeof globalThis & {
     supabaseBrowserClient?: SupabaseClient;
 };
@@ -11,19 +10,9 @@ export function createClient() {
         return globalForSupabase.supabaseBrowserClient;
     }
 
-    // Use supabase-js directly with isSingleton to suppress the warning
-    globalForSupabase.supabaseBrowserClient = createSupabaseClient(
+    globalForSupabase.supabaseBrowserClient = createBrowserClient(
         process.env.NEXT_PUBLIC_SUPABASE_URL!,
-        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
-        {
-            auth: {
-                // Suppress "Multiple GoTrueClient instances" warning
-                // This is safe because we use a singleton pattern
-                storageKey: 'sb-auth-token',
-                persistSession: true,
-                detectSessionInUrl: true,
-            },
-        }
+        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
     );
 
     return globalForSupabase.supabaseBrowserClient;