// Package httpauth provides Firebase-backed HTTP middleware for authentication,
// identity enrichment, and role-based access control.
//
// Typical middleware chain:
//
//	r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))
//	r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
//	r.Use(httpauth.AuthzMiddleware(permProvider, "orders", rbac.Read))
//
// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into
// the request context. EnrichmentMiddleware reads those values, calls the
// app-provided IdentityEnricher, and stores the full rbac.Identity. AuthzMiddleware
// resolves the permission mask and gates the request.
//
// All three middleware functions accept interfaces, so they can be tested without
// a live Firebase connection.
package httpauth