feat: implement authentication system for API Gateway and FileService

- Add JWT Bearer token validation to API Gateway with restricted CORS
- Add cookie-based JWT validation to FileService for browser image requests
- Create shared authentication infrastructure in FictionArchive.Service.Shared
- Update frontend to set fa_session cookie after OIDC login
- Add [Authorize] attributes to GraphQL mutations with role-based restrictions
- Configure OIDC settings for both services in docker-compose

Implements FA-17: Authentication for microservices architecture

FictionArchive.Service.FileService/Program.cs

@@ -34,6 +34,10 @@ public class Program
         
         #endregion
         
+        // Add authentication with cookie support
+        builder.Services.AddOidcCookieAuthentication(builder.Configuration);
+        builder.Services.AddFictionArchiveAuthorization();
+        
         builder.Services.Configure<ProxyConfiguration>(builder.Configuration.GetSection("ProxyConfiguration"));
         
         // Add S3 Client
@@ -60,6 +64,9 @@ public class Program
             app.UseSwaggerUI();
         }
 
+        app.UseAuthentication();
+        app.UseAuthorization();
+        
         app.MapHealthChecks("/healthz");
         
         app.MapControllers();