feat(auth): replace internal auth with JWT token service

- Replace InternalAuthService with TokenService using JWT tokens
- Add support for token issuance, refresh, verification and revocation
- Implement automatic signing key rotation with Redis storage
- Add database migration checks for indexes and foreign key constraints
- Update gRPC endpoints to use token-based authentication
- Remove deprecated API key based authentication system
- Add JSON Web Token support with HMAC-SHA256 signing
- Implement refresh token handling with automatic rotation
- Add token revocation by JTI and user ID
- Update build configuration to include core proto files
- Migrate database schema to handle token-based authentication
- Add comprehensive token validation and verification logic

build.rs

@@ -32,6 +32,18 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .out_dir(&out_dir)
         .compile_protos(&git_protos, &[git_dir])?;
 
+    // proto/core/ — JWT token service (server + client: appks serves, imks consumes)
+    let core_dir = manifest_dir.join("proto/core");
+    let core_protos = proto_files(&core_dir)?;
+    for proto in &core_protos {
+        println!("cargo:rerun-if-changed={}", proto.display());
+    }
+    tonic_prost_build::configure()
+        .build_client(true)
+        .build_server(true)
+        .out_dir(&out_dir)
+        .compile_protos(&core_protos, &[core_dir])?;
+
     let this_dir = manifest_dir.join("proto/this");
     let this_protos = proto_files(&this_dir)?;
     for proto in &this_protos {