Add PocketBase admin auth to garmin-sync cron job

The cron job needs to list all users, but the users collection
doesn't have a public listRule (for security). Added admin
authentication so the job can access user records.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/app/api/cron/garmin-sync/route.test.ts

@@ -23,6 +23,7 @@ vi.mock("@/lib/pocketbase", () => ({
       }),
       create: mockPbCreate,
       update: mockPbUpdate,
+      authWithPassword: vi.fn().mockResolvedValue({ token: "admin-token" }),
     })),
   })),
 }));
@@ -133,6 +134,8 @@ describe("POST /api/cron/garmin-sync", () => {
     mockDaysUntilExpiry.mockReturnValue(30); // Default to 30 days remaining
     mockSendTokenExpirationWarning.mockResolvedValue(undefined); // Reset mock implementation
     process.env.CRON_SECRET = validSecret;
+    process.env.POCKETBASE_ADMIN_EMAIL = "admin@test.com";
+    process.env.POCKETBASE_ADMIN_PASSWORD = "test-password";
   });
 
   describe("Authentication", () => {
@@ -159,6 +162,26 @@ describe("POST /api/cron/garmin-sync", () => {
 
       expect(response.status).toBe(401);
     });
+
+    it("returns 500 when POCKETBASE_ADMIN_EMAIL is not set", async () => {
+      process.env.POCKETBASE_ADMIN_EMAIL = "";
+
+      const response = await POST(createMockRequest(`Bearer ${validSecret}`));
+
+      expect(response.status).toBe(500);
+      const body = await response.json();
+      expect(body.error).toBe("Server misconfiguration");
+    });
+
+    it("returns 500 when POCKETBASE_ADMIN_PASSWORD is not set", async () => {
+      process.env.POCKETBASE_ADMIN_PASSWORD = "";
+
+      const response = await POST(createMockRequest(`Bearer ${validSecret}`));
+
+      expect(response.status).toBe(500);
+      const body = await response.json();
+      expect(body.error).toBe("Server misconfiguration");
+    });
   });
 
   describe("User fetching", () => {