Implement JWT authentication and app passkey support

- Add JWT token generation and validation
- Implement bcrypt password hashing
- Create auth service with register/login/refresh/logout
- Add app passkey generation and management
- Implement protected routes and auth middleware
- Add comprehensive tests for new functionality

internal/server/routes_protected.go

@@ -4,9 +4,25 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/dhao2001/mygo/internal/app"
+	"github.com/dhao2001/mygo/internal/handler"
+	"github.com/dhao2001/mygo/internal/middleware"
 )
 
-func setupProtectedRoutes(rg *gin.RouterGroup, _ *app.WebApp) {
-	_ = rg
-	// Protected routes will be registered after auth middleware is implemented.
+func setupProtectedRoutes(rg *gin.RouterGroup, webApp *app.WebApp) {
+	jwtSecret := []byte(webApp.Config.JWT.Secret)
+	authHandler := handler.NewAuthHandler(webApp.AuthService)
+
+	rg.Use(middleware.AuthRequired(jwtSecret))
+
+	account := rg.Group("/account")
+	{
+		account.GET("", authHandler.GetAccount)
+
+		passkeys := account.Group("/passkeys")
+		{
+			passkeys.GET("", authHandler.ListPasskeys)
+			passkeys.POST("", authHandler.CreatePasskey)
+			passkeys.DELETE("/:id", authHandler.RevokePasskey)
+		}
+	}
 }