refactor: simplify verify_password except clause; drop unused import

backend/auth_passwords.py

@@ -4,7 +4,6 @@ Kept separate from portal_auth (cookie signing) so the future operator auth can
 reuse the same hasher. Never store or log raw passwords."""
 import secrets
 from argon2 import PasswordHasher
-from argon2.exceptions import VerifyMismatchError, VerificationError, InvalidHashError
 
 _ph = PasswordHasher()
 
@@ -18,7 +17,7 @@ def verify_password(raw: str, hashed: str) -> bool:
     """True iff raw matches the stored hash. Never raises."""
     try:
         return _ph.verify(hashed, raw)
-    except (VerifyMismatchError, VerificationError, InvalidHashError, Exception):
+    except Exception:  # argon2 raises on mismatch/garbage; treat all as "no match"
         return False