add auth system: users, login, JWT, protected routes

Domain: User entity, AuthPort/PasswordHashPort/SecretStore ports.
Adapters: auth (argon2 hashing, JWT tokens), secret-store (env-based),
config-sqlite user repository, http-api auth routes + extractors.
Application: auth_service. SPA: login page, auth client, protected router.

crates/domain/src/entities/mod.rs

@@ -1,9 +1,11 @@
 mod data_source;
 mod layout_preset;
+mod user;
 mod widget_config;
 
 pub use data_source::{
     DataSource, DataSourceConfig, DataSourceId, DataSourceType, DataSourceValidationError,
 };
 pub use layout_preset::{LayoutPreset, LayoutPresetId};
+pub use user::{User, UserId};
 pub use widget_config::{WidgetConfig, WidgetId};

crates/domain/src/entities/user.rs

@@ -0,0 +1,8 @@
+pub type UserId = u32;
+
+#[derive(Debug, Clone)]
+pub struct User {
+    pub id: UserId,
+    pub username: String,
+    pub password_hash: String,
+}