feat: add app-level authentication with login, session cookies, and admin panel

Replace Nginx basic auth with proper user accounts:
- Session cookies via itsdangerous (30-day expiry, httponly, secure)
- Password hashing with bcrypt via passlib
- Login page with AC-themed UI
- Admin page for user management (CRUD)
- AuthMiddleware exempts plugin WS and browser WS endpoints
- Issues/comments author auto-populated from session
- Sidebar shows logged-in username, admin link, and logout
- Seed users: erik (admin), alex, lundberg
- SECRET_KEY env var for cookie signing
Erik 2026-04-10 19:45:08 +02:00
parent fac5063878
commit b09169ade2
9 changed files with 878 additions and 60 deletions

@ -26,6 +26,7 @@ services:
DB_MAX_SQL_VARIABLES: "${DB_MAX_SQL_VARIABLES}"
DB_WAL_AUTOCHECKPOINT_PAGES: "${DB_WAL_AUTOCHECKPOINT_PAGES}"
SHARED_SECRET: "${SHARED_SECRET}"
SECRET_KEY: "${SECRET_KEY}"
LOG_LEVEL: "DEBUG"
INVENTORY_SERVICE_URL: "http://inventory-service:8000"
restart: unless-stopped
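
Review bot: the new `SECRET_KEY: "${SECRET_KEY}"` line has no required-variable guard, so if the variable is missing from the environment or `.env` file, Compose substitutes an empty string and the container starts with an empty cookie-signing key. Whether the application rejects an empty key is not visible in this hunk, so fail at deploy time instead: `SECRET_KEY: "${SECRET_KEY:?SECRET_KEY must be set}"`. The value should also be generated independently of `SHARED_SECRET` on the line above, so that disclosure of one secret does not allow forging the other's tokens. Separately, the unchanged `LOG_LEVEL: "DEBUG"` line now sits next to login and session handling; confirm that debug logging does not write passwords, cookie values or either secret before this configuration is used outside development.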