add auth system: users, login, JWT, protected routes

Domain: User entity, AuthPort/PasswordHashPort/SecretStore ports.
Adapters: auth (argon2 hashing, JWT tokens), secret-store (env-based),
config-sqlite user repository, http-api auth routes + extractors.
Application: auth_service. SPA: login page, auth client, protected router.

crates/bootstrap/Cargo.toml

@@ -12,6 +12,8 @@ http-api.workspace = true
 http-json.workspace = true
 media-adapter.workspace = true
 rss-adapter.workspace = true
+kframe-auth.workspace = true
+secret-store.workspace = true
 tokio.workspace = true
 anyhow.workspace = true
 tracing.workspace = true