refactor: Align Epic 0 & Epic 1 with true microservices architecture

Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.

Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry

Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container

Phase 3: Service Client Interfaces
- Create service client interfaces:
  - pkg/services/auth.go - AuthServiceClient
  - pkg/services/identity.go - IdentityServiceClient
  - pkg/services/authz.go - AuthzServiceClient
  - pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container

Phase 4: gRPC Service Definitions
- Create proto files for all core services:
  - api/proto/auth.proto
  - api/proto/identity.proto
  - api/proto/authz.proto
  - api/proto/audit.proto
- Add generate-proto target to Makefile

Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services

All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.

api/proto/audit.proto

@@ -0,0 +1,56 @@
+syntax = "proto3";
+
+package audit.v1;
+
+option go_package = "git.dcentral.systems/toolz/goplt/api/proto/generated/audit/v1;auditv1";
+
+// AuditService provides audit logging operations.
+service AuditService {
+  // Record records an audit log entry.
+  rpc Record(RecordRequest) returns (RecordResponse);
+  
+  // Query queries audit logs based on filters.
+  rpc Query(QueryRequest) returns (QueryResponse);
+}
+
+// AuditLogEntry represents an audit log entry.
+message AuditLogEntry {
+  string user_id = 1;
+  string action = 2; // e.g., "user.create", "user.update"
+  string resource = 3; // e.g., "user", "role"
+  string resource_id = 4;
+  string ip_address = 5;
+  string user_agent = 6;
+  map<string, string> metadata = 7;
+  int64 timestamp = 8;
+}
+
+// RecordRequest contains an audit log entry to record.
+message RecordRequest {
+  AuditLogEntry entry = 1;
+}
+
+// RecordResponse indicates success.
+message RecordResponse {
+  bool success = 1;
+  string id = 2; // Audit log entry ID
+}
+
+// QueryRequest contains filters for querying audit logs.
+message QueryRequest {
+  optional string user_id = 1;
+  optional string action = 2;
+  optional string resource = 3;
+  optional string resource_id = 4;
+  optional int64 start_time = 5;
+  optional int64 end_time = 6;
+  int32 limit = 7; // Max number of results
+  int32 offset = 8; // Pagination offset
+}
+
+// QueryResponse contains audit log entries.
+message QueryResponse {
+  repeated AuditLogEntry entries = 1;
+  int32 total = 2; // Total number of matching entries
+}
+

api/proto/auth.proto

@@ -0,0 +1,71 @@
+syntax = "proto3";
+
+package auth.v1;
+
+option go_package = "git.dcentral.systems/toolz/goplt/api/proto/generated/auth/v1;authv1";
+
+// AuthService provides authentication operations.
+service AuthService {
+  // Login authenticates a user and returns access and refresh tokens.
+  rpc Login(LoginRequest) returns (LoginResponse);
+  
+  // RefreshToken refreshes an access token using a refresh token.
+  rpc RefreshToken(RefreshTokenRequest) returns (RefreshTokenResponse);
+  
+  // ValidateToken validates a JWT token and returns the token claims.
+  rpc ValidateToken(ValidateTokenRequest) returns (ValidateTokenResponse);
+  
+  // Logout invalidates a refresh token.
+  rpc Logout(LogoutRequest) returns (LogoutResponse);
+}
+
+// LoginRequest contains login credentials.
+message LoginRequest {
+  string email = 1;
+  string password = 2;
+}
+
+// LoginResponse contains authentication tokens.
+message LoginResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+  int64 expires_in = 3; // seconds
+  string token_type = 4; // "Bearer"
+}
+
+// RefreshTokenRequest contains a refresh token.
+message RefreshTokenRequest {
+  string refresh_token = 1;
+}
+
+// RefreshTokenResponse contains new authentication tokens.
+message RefreshTokenResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+  int64 expires_in = 3; // seconds
+  string token_type = 4; // "Bearer"
+}
+
+// ValidateTokenRequest contains a JWT token to validate.
+message ValidateTokenRequest {
+  string token = 1;
+}
+
+// ValidateTokenResponse contains token claims.
+message ValidateTokenResponse {
+  string user_id = 1;
+  string email = 2;
+  repeated string roles = 3;
+  int64 expires_at = 4;
+}
+
+// LogoutRequest contains a refresh token to invalidate.
+message LogoutRequest {
+  string refresh_token = 1;
+}
+
+// LogoutResponse indicates success.
+message LogoutResponse {
+  bool success = 1;
+}
+

api/proto/authz.proto

@@ -0,0 +1,80 @@
+syntax = "proto3";
+
+package authz.v1;
+
+option go_package = "git.dcentral.systems/toolz/goplt/api/proto/generated/authz/v1;authzv1";
+
+// AuthzService provides authorization operations.
+service AuthzService {
+  // Authorize checks if a user has a specific permission and returns an error if not.
+  rpc Authorize(AuthorizeRequest) returns (AuthorizeResponse);
+  
+  // HasPermission checks if a user has a specific permission.
+  rpc HasPermission(HasPermissionRequest) returns (HasPermissionResponse);
+  
+  // GetUserPermissions returns all permissions for a user.
+  rpc GetUserPermissions(GetUserPermissionsRequest) returns (GetUserPermissionsResponse);
+  
+  // GetUserRoles returns all roles for a user.
+  rpc GetUserRoles(GetUserRolesRequest) returns (GetUserRolesResponse);
+}
+
+// Permission represents a permission in the system.
+message Permission {
+  string id = 1;
+  string code = 2;
+  string name = 3;
+  string description = 4;
+}
+
+// Role represents a role in the system.
+message Role {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  repeated string permissions = 4; // Permission codes
+}
+
+// AuthorizeRequest contains user ID and permission to check.
+message AuthorizeRequest {
+  string user_id = 1;
+  string permission = 2;
+}
+
+// AuthorizeResponse indicates authorization result.
+message AuthorizeResponse {
+  bool authorized = 1;
+  string message = 2;
+}
+
+// HasPermissionRequest contains user ID and permission to check.
+message HasPermissionRequest {
+  string user_id = 1;
+  string permission = 2;
+}
+
+// HasPermissionResponse indicates if the user has the permission.
+message HasPermissionResponse {
+  bool has_permission = 1;
+}
+
+// GetUserPermissionsRequest contains a user ID.
+message GetUserPermissionsRequest {
+  string user_id = 1;
+}
+
+// GetUserPermissionsResponse contains all permissions for the user.
+message GetUserPermissionsResponse {
+  repeated Permission permissions = 1;
+}
+
+// GetUserRolesRequest contains a user ID.
+message GetUserRolesRequest {
+  string user_id = 1;
+}
+
+// GetUserRolesResponse contains all roles for the user.
+message GetUserRolesResponse {
+  repeated Role roles = 1;
+}
+

api/proto/identity.proto

@@ -0,0 +1,134 @@
+syntax = "proto3";
+
+package identity.v1;
+
+option go_package = "git.dcentral.systems/toolz/goplt/api/proto/generated/identity/v1;identityv1";
+
+// IdentityService provides user management operations.
+service IdentityService {
+  // GetUser retrieves a user by ID.
+  rpc GetUser(GetUserRequest) returns (GetUserResponse);
+  
+  // GetUserByEmail retrieves a user by email address.
+  rpc GetUserByEmail(GetUserByEmailRequest) returns (GetUserByEmailResponse);
+  
+  // CreateUser creates a new user.
+  rpc CreateUser(CreateUserRequest) returns (CreateUserResponse);
+  
+  // UpdateUser updates an existing user.
+  rpc UpdateUser(UpdateUserRequest) returns (UpdateUserResponse);
+  
+  // DeleteUser deletes a user.
+  rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse);
+  
+  // VerifyEmail verifies a user's email address using a verification token.
+  rpc VerifyEmail(VerifyEmailRequest) returns (VerifyEmailResponse);
+  
+  // RequestPasswordReset requests a password reset token.
+  rpc RequestPasswordReset(RequestPasswordResetRequest) returns (RequestPasswordResetResponse);
+  
+  // ResetPassword resets a user's password using a reset token.
+  rpc ResetPassword(ResetPasswordRequest) returns (ResetPasswordResponse);
+}
+
+// User represents a user in the system.
+message User {
+  string id = 1;
+  string email = 2;
+  string username = 3;
+  string first_name = 4;
+  string last_name = 5;
+  bool email_verified = 6;
+  int64 created_at = 7;
+  int64 updated_at = 8;
+}
+
+// GetUserRequest contains a user ID.
+message GetUserRequest {
+  string id = 1;
+}
+
+// GetUserResponse contains a user.
+message GetUserResponse {
+  User user = 1;
+}
+
+// GetUserByEmailRequest contains an email address.
+message GetUserByEmailRequest {
+  string email = 1;
+}
+
+// GetUserByEmailResponse contains a user.
+message GetUserByEmailResponse {
+  User user = 1;
+}
+
+// CreateUserRequest contains user data for creation.
+message CreateUserRequest {
+  string email = 1;
+  string username = 2;
+  string password = 3;
+  string first_name = 4;
+  string last_name = 5;
+}
+
+// CreateUserResponse contains the created user.
+message CreateUserResponse {
+  User user = 1;
+}
+
+// UpdateUserRequest contains user data for update.
+message UpdateUserRequest {
+  string id = 1;
+  optional string email = 2;
+  optional string username = 3;
+  optional string first_name = 4;
+  optional string last_name = 5;
+}
+
+// UpdateUserResponse contains the updated user.
+message UpdateUserResponse {
+  User user = 1;
+}
+
+// DeleteUserRequest contains a user ID.
+message DeleteUserRequest {
+  string id = 1;
+}
+
+// DeleteUserResponse indicates success.
+message DeleteUserResponse {
+  bool success = 1;
+}
+
+// VerifyEmailRequest contains a verification token.
+message VerifyEmailRequest {
+  string token = 1;
+}
+
+// VerifyEmailResponse indicates success.
+message VerifyEmailResponse {
+  bool success = 1;
+}
+
+// RequestPasswordResetRequest contains an email address.
+message RequestPasswordResetRequest {
+  string email = 1;
+}
+
+// RequestPasswordResetResponse indicates success.
+message RequestPasswordResetResponse {
+  bool success = 1;
+}
+
+// ResetPasswordRequest contains a reset token and new password.
+message ResetPasswordRequest {
+  string token = 1;
+  string new_password = 2;
+}
+
+// ResetPasswordResponse indicates success.
+message ResetPasswordResponse {
+  bool success = 1;
+}
+