fix(test): use response interception for wrong-password test reliability

Replace unreliable waitForLoadState('networkidle') with explicit
waitForResponse() in the "should reject change with wrong current
password" test. Since the form uses fetch() (AJAX), networkidle can
resolve before the DOM is updated from the response, causing the
#globalMessage visibility check to fail intermittently.

The new approach:
- Intercepts the server response to /user/updatePassword
- Asserts the server correctly returns success=false
- Waits for the #globalMessage div to become visible

Author: devondragon

playwright/tests/profile/change-password.spec.ts

@@ -92,10 +92,24 @@ test.describe('Change Password', () => {
       await page.waitForLoadState('networkidle');
 
       // Try to change password with wrong current password
+      // Listen for the server response to verify error handling
+      const responsePromise = page.waitForResponse(
+        response => response.url().includes('/user/updatePassword') && response.request().method() === 'POST'
+      );
+
       await updatePasswordPage.changePassword('wrongCurrentPassword123!', 'NewTest@Pass123!');
-      await page.waitForLoadState('networkidle');
 
-      // Should show error or stay on page
+      // Wait for the server response
+      const response = await responsePromise;
+      const responseBody = await response.json();
+
+      // Server should indicate failure
+      expect(responseBody.success).toBe(false);
+
+      // Wait for the error message to appear in the DOM
+      await updatePasswordPage.waitForMessage(5000);
+
+      // Should show error
       const isError = await updatePasswordPage.isErrorMessage() ||
                       await updatePasswordPage.hasCurrentPasswordError();
       expect(isError).toBe(true);