feat: add Keycloak authentication for dashboard and API endpoints (#2)

Dashboard: OAuth2/OIDC login flow with PKCE, session-based auth middleware
protecting all server function endpoints, check-auth server function for
frontend auth state, login page gate in AppShell, user info in sidebar.

Agent API: JWT validation middleware using Keycloak JWKS endpoint,
conditionally enabled when KEYCLOAK_URL and KEYCLOAK_REALM are set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #2

compliance-dashboard/src/infrastructure/mod.rs

@@ -1,5 +1,6 @@
 // Server function modules (compiled for both web and server;
 // the #[server] macro generates client stubs for the web target)
+pub mod auth_check;
 pub mod chat;
 pub mod dast;
 pub mod findings;
@@ -12,15 +13,27 @@ pub mod stats;
 
 // Server-only modules
 #[cfg(feature = "server")]
+mod auth;
+#[cfg(feature = "server")]
+mod auth_middleware;
+#[cfg(feature = "server")]
 pub mod config;
 #[cfg(feature = "server")]
 pub mod database;
 #[cfg(feature = "server")]
 pub mod error;
 #[cfg(feature = "server")]
-pub mod server;
+pub mod keycloak_config;
+#[cfg(feature = "server")]
+mod server;
 #[cfg(feature = "server")]
 pub mod server_state;
+#[cfg(feature = "server")]
+mod user_state;
 
+#[cfg(feature = "server")]
+pub use auth::{auth_callback, auth_login, logout, PendingOAuthStore};
+#[cfg(feature = "server")]
+pub use auth_middleware::require_auth;
 #[cfg(feature = "server")]
 pub use server::server_start;