Google Auth Issue

Title: Disable email/password auth for Google-OAuth-only apps (or gate Forgot Password by identity type)

Problem: For apps configured with Google OAuth only, the platform-hosted login screen still shows a 'Forgot password' button. When a Google-OAuth-only user clicks it, the platform provisions a password identity for their email, which then conflicts with their Google OAuth identity on subsequent logins. base44.auth.me() fails, causing an infinite redirect loop. The user is permanently locked out and the issue can only be resolved by support manually deleting their account at the platform layer.

This happened to a paying customer of mine. Took ~6 hours of diagnosis and a support ticket to resolve. Any of my customers can brick their own account with one click.

Requested fix (either is acceptable):

  1. App-level config to disable email/password auth entirely for apps configured as Google-OAuth-only. Hide the Forgot Password button when this is set.

  2. Forgot Password flow detects whether the email has an existing password identity. If not, show 'This account uses Google sign-in' instead of provisioning a new password identity.

Impact: Affects every base44 app that uses Google OAuth as its sole auth method. Current workaround (manual support intervention per locked-out user) does not scale.

Status: In Review

Board: 💡 Feature Request

Date: 4 days ago

Author: Roma Blinds

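An added example, not part of the original post and not base44 code: one way to implement both requested fixes, assuming a hypothetical identity store keyed by email, an app config flag `passwordAuthEnabled`, and a handler named `requestPasswordReset`. It also assumes the 'This account uses Google sign-in' notice is mailed to the address rather than shown on screen, so the on-screen response is the same for every address.

```javascript
// Added illustration. The store, config flag and function names are
// hypothetical; none of them are base44 APIs.
const identities = new Map([ // constructed sample data
  ["oauth.user@example.com", [{ type: "google" }]],
  ["pw.user@example.com", [{ type: "password" }]],
]);
const outbox = []; // stands in for the transactional mail sender

// Fix 1: the login screen renders the button only when this is true.
function showForgotPassword(appConfig) {
  return appConfig.passwordAuthEnabled === true;
}

function requestPasswordReset(appConfig, email) {
  // Enforce fix 1 on the server too; hiding the button is not enough.
  if (!showForgotPassword(appConfig)) {
    return { status: 404, body: "Password sign-in is not enabled for this app." };
  }
  // Same on-screen answer for every address (assumption, see lead-in).
  const generic = { status: 200, body: "If an account exists, instructions were sent." };
  const key = String(email).trim().toLowerCase();
  const ids = identities.get(key) || [];
  if (ids.length === 0) return generic; // unknown address: create nothing
  // Fix 2: reset only a password identity that already exists.
  // This path never writes to `identities`, so it cannot provision one.
  const hasPassword = ids.some((id) => id.type === "password");
  outbox.push({ to: key, kind: hasPassword ? "reset-link" : "uses-google-sign-in" });
  return generic;
}
```

The handler has no code path that adds an identity, so a reset request can never leave a Google-only account with a conflicting password identity.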