feat(auth): Complete Auth Service implementation and fix Consul health checks

- Add VerifyPassword RPC to Identity Service
  - Added to proto file and generated code
  - Implemented in Identity Service gRPC server
  - Added to Identity Service client interface and gRPC client

- Complete RefreshToken implementation
  - Store refresh tokens in database using RefreshToken entity
  - Validate refresh tokens with expiration checking
  - Revoke refresh tokens on logout and token rotation

- Integrate Authz Service for role retrieval
  - Added AuthzServiceClient to Auth Service
  - Get user roles during login and token refresh
  - Gracefully handle Authz Service failures

- Require JWT secret in configuration
  - Removed default secret fallback
  - Service fails to start if JWT secret is not configured

- Fix Consul health checks for Docker
  - Services now register with Docker service names (e.g., audit-service)
  - Allows Consul (in Docker) to reach services via Docker DNS
  - Health checks use gRPC service names instead of localhost

This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.

internal/client/grpc/identity_client.go

@@ -196,6 +196,23 @@ func (c *IdentityClient) ResetPassword(ctx context.Context, token, newPassword s
 	return nil
 }
 
+// VerifyPassword verifies a user's password and returns the user if valid.
+func (c *IdentityClient) VerifyPassword(ctx context.Context, email, password string) (*services.User, error) {
+	if err := c.connect(ctx); err != nil {
+		return nil, err
+	}
+
+	resp, err := c.client.VerifyPassword(ctx, &identityv1.VerifyPasswordRequest{
+		Email:    email,
+		Password:  password,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("verify password failed: %w", err)
+	}
+
+	return protoUserToServiceUser(resp.User), nil
+}
+
 // protoUserToServiceUser converts a proto User to a service User.
 func protoUserToServiceUser(u *identityv1.User) *services.User {
 	if u == nil {