feat(httpauth): initial release — provider-agnostic HTTP auth middleware

Provides SetTokenData for upstream AuthMiddleware implementations,
EnrichmentMiddleware and AuthzMiddleware compatible with any provider that
calls SetTokenData, ClaimsPermissionProvider for JWT-embedded permissions,
and CachedPermissionProvider for TTL-backed runtime resolution via any
Cache implementation.

compliance_test.go

@@ -0,0 +1,33 @@
+package httpauth_test
+
+import (
+	"context"
+	"time"
+
+	httpauth "code.nochebuena.dev/go/httpauth"
+	"code.nochebuena.dev/go/rbac"
+)
+
+type mockEnricher struct{}
+
+func (m *mockEnricher) Enrich(_ context.Context, _ string, _ map[string]any) (rbac.Identity, error) {
+	return rbac.Identity{}, nil
+}
+
+type mockProvider struct{}
+
+func (m *mockProvider) ResolveMask(_ context.Context, _, _ string) (rbac.PermissionMask, error) {
+	return 0, nil
+}
+
+type mockCache struct{}
+
+func (m *mockCache) Get(_ context.Context, _ string) (int64, bool, error) { return 0, false, nil }
+func (m *mockCache) Set(_ context.Context, _ string, _ int64, _ time.Duration) error {
+	return nil
+}
+
+// Compile-time interface satisfaction checks.
+var _ httpauth.IdentityEnricher = (*mockEnricher)(nil)
+var _ rbac.PermissionProvider   = (*mockProvider)(nil)
+var _ httpauth.Cache             = (*mockCache)(nil)