feat(httpauth-jwt): initial release — self-issued JWT auth middleware v1.0.0

Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer),
IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top
level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist
check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256
and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only
microservices.

compliance_test.go

@@ -0,0 +1,30 @@
+package jwtauth_test
+
+import (
+	"context"
+	"time"
+
+	jwtauth "code.nochebuena.dev/go/httpauth-jwt"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+type mockSigner struct{}
+
+func (m *mockSigner) Sign(_ jwt.Claims) (string, error)   { return "", nil }
+func (m *mockSigner) Verify(_ string) (*jwt.Token, error) { return nil, nil }
+
+type mockVerifier struct{}
+
+func (m *mockVerifier) Verify(_ string) (*jwt.Token, error) { return nil, nil }
+
+type mockBlacklist struct{}
+
+func (m *mockBlacklist) IsRevoked(_ context.Context, _ string) (bool, error) { return false, nil }
+func (m *mockBlacklist) Revoke(_ context.Context, _ string, _ time.Duration) error {
+	return nil
+}
+
+// Compile-time interface satisfaction checks.
+var _ jwtauth.Signer    = (*mockSigner)(nil)
+var _ jwtauth.Verifier  = (*mockVerifier)(nil)
+var _ jwtauth.Blacklist = (*mockBlacklist)(nil)