Implement JWT authentication and app passkey support

- Add JWT token generation and validation
- Implement bcrypt password hashing
- Create auth service with register/login/refresh/logout
- Add app passkey generation and management
- Implement protected routes and auth middleware
- Add comprehensive tests for new functionality

internal/model/credential.go

@@ -0,0 +1,18 @@
+package model
+
+import (
+	"time"
+)
+
+// Credential represents an alternative authentication credential for a user.
+// The primary password is stored on the User model; additional credentials
+// (app passkeys, WebAuthn, OAuth) are stored here with a type discriminator.
+type Credential struct {
+	ID         string     `gorm:"primaryKey;type:varchar(36)" json:"id"`
+	UserID     string     `gorm:"index;type:varchar(36);not null" json:"user_id"`
+	Type       string     `gorm:"index;type:varchar(32);not null" json:"type"`
+	Label      string     `gorm:"type:varchar(128)" json:"label"`
+	SecretHash string     `gorm:"uniqueIndex;type:varchar(255);not null" json:"-"`
+	LastUsedAt *time.Time `json:"last_used_at"`
+	CreatedAt  time.Time  `json:"created_at"`
+}