feat: implement auth handler, middleware, and router
domain/context.go: extend WithUser/UserFromContext with session ID
handler/response.go: respondJSON/respondError with domain→HTTP status
mapping (404/403/401/409/400/415/500)
handler/middleware.go: Bearer JWT extraction, ParseAccessToken,
domain.WithUser injection; aborts with 401 JSON on failure
handler/auth_handler.go: Login, Refresh, Logout, ListSessions,
TerminateSession
handler/router.go: /health, /api/v1/auth routes; login and refresh
are public, session routes protected by AuthMiddleware
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
H1K0
caeff6786e