fix(admin-auth): normalize phone before OTP validation to fix 400 on verify-otp

VerifyOtpRequestValidator was passing the raw phone string to
IsValidIranMobile which requires a pre-normalized 11-digit "09…" string.
Any other format (country code prefix, Persian digits, etc.) failed
validation instantly — causing verify-otp to return HTTP 400 in ~2ms
before the service logic could ever run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/Meezi.Admin.API/Validators/AuthValidators.cs

@@ -8,7 +8,9 @@ public class SendOtpRequestValidator : AbstractValidator<SendOtpRequest>
 {
     public SendOtpRequestValidator()
     {
-        RuleFor(x => x.Phone).Must(PhoneNormalizer.IsValidIranMobile).WithMessage("Invalid phone number.");
+        RuleFor(x => x.Phone)
+            .Must(p => PhoneNormalizer.IsValidIranMobile(PhoneNormalizer.Normalize(p)))
+            .WithMessage("Invalid phone number.");
     }
 }
 
@@ -16,7 +18,9 @@ public class VerifyOtpRequestValidator : AbstractValidator<VerifyOtpRequest>
 {
     public VerifyOtpRequestValidator()
     {
-        RuleFor(x => x.Phone).Must(PhoneNormalizer.IsValidIranMobile);
+        RuleFor(x => x.Phone)
+            .Must(p => PhoneNormalizer.IsValidIranMobile(PhoneNormalizer.Normalize(p)))
+            .WithMessage("Invalid phone number.");
         RuleFor(x => x.Code)
             .Must(OtpNormalizer.IsValidSixDigitCode)
             .WithMessage("OTP must be 6 digits.");