Add delete session functionality

- DELETE /api/v1/sessions/{id}: only closed sessions, user-scoped
- Returns 404 if not found/wrong user, 409 if session still open
- Deletes session_logs first, then session (no CASCADE)
- Frontend: trash button per session in SessionList (closed sessions only)
- Confirm dialog before delete, toast feedback, list reloads after

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/internal/handler/session.go

@@ -101,6 +101,38 @@ func (h *Handler) handleEndSession(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, session)
 }
 
+// handleDeleteSession handles DELETE /api/v1/sessions/{id}.
+// Löscht eine abgeschlossene Session samt aller Logs. Offene Sessions werden
+// mit 409 abgelehnt. Sessions anderer Nutzer oder nicht vorhandene Sessions
+// antworten mit 404.
+func (h *Handler) handleDeleteSession(w http.ResponseWriter, r *http.Request) {
+	uid, err := userID(r)
+	if err != nil {
+		writeError(w, http.StatusBadRequest, err.Error())
+		return
+	}
+	id, err := pathID(r, "id")
+	if err != nil {
+		writeError(w, http.StatusBadRequest, "Ungültige ID")
+		return
+	}
+
+	err = h.store.DeleteSession(id, uid)
+	if err != nil {
+		if strings.Contains(err.Error(), "SESSION_NOT_FOUND") {
+			writeError(w, http.StatusNotFound, "Session nicht gefunden")
+			return
+		}
+		if strings.Contains(err.Error(), "SESSION_OPEN") {
+			writeError(w, http.StatusConflict, "Nur abgeschlossene Sessions können gelöscht werden")
+			return
+		}
+		writeError(w, http.StatusInternalServerError, "Fehler beim Löschen der Session")
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
 func (h *Handler) handleCreateLog(w http.ResponseWriter, r *http.Request) {
 	sessionID, err := pathID(r, "id")
 	if err != nil {