add auth system: users, login, JWT, protected routes

Domain: User entity, AuthPort/PasswordHashPort/SecretStore ports.
Adapters: auth (argon2 hashing, JWT tokens), secret-store (env-based),
config-sqlite user repository, http-api auth routes + extractors.
Application: auth_service. SPA: login page, auth client, protected router.

crates/adapters/secret-store/Cargo.toml

@@ -0,0 +1,11 @@
+[package]
+name = "secret-store"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+domain.workspace = true
+aes-gcm = "0.10"
+base64 = "0.22"
+hex = "0.4"
+rand_core = { version = "0.6", features = ["getrandom"] }