docs: Align documentation with true microservices architecture

Transform all documentation from modular monolith to true microservices
architecture where core services are independently deployable.

Key Changes:
- Core Kernel: Infrastructure only (no business logic)
- Core Services: Auth, Identity, Authz, Audit as separate microservices
  - Each service has own entry point (cmd/{service}/)
  - Each service has own gRPC server and database schema
  - Services register with Consul for service discovery
- API Gateway: Moved from Epic 8 to Epic 1 as core infrastructure
  - Single entry point for all external traffic
  - Handles routing, JWT validation, rate limiting, CORS
- Service Discovery: Consul as primary mechanism (ADR-0033)
- Database Pattern: Per-service connections with schema isolation

Documentation Updates:
- Updated all 9 architecture documents
- Updated 4 ADRs and created 2 new ADRs (API Gateway, Service Discovery)
- Rewrote Epic 1: Core Kernel & Infrastructure (infrastructure only)
- Rewrote Epic 2: Core Services (Auth, Identity, Authz, Audit as services)
- Updated Epic 3-8 stories for service architecture
- Updated plan.md, playbook.md, requirements.md, index.md
- Updated all epic READMEs and story files

New ADRs:
- ADR-0032: API Gateway Strategy
- ADR-0033: Service Discovery Implementation (Consul)

New Stories:
- Epic 1.7: Service Client Interfaces
- Epic 1.8: API Gateway Implementation

docs/content/adr/0030-service-communication-strategy.md

@@ -7,22 +7,30 @@ Accepted
 Services need to communicate with each other in a microservices architecture. All communication must go through well-defined interfaces that support network calls.
 
 ## Decision
-Use a **service client-based communication strategy**:
+Use a **service client-based communication strategy** with API Gateway as the entry point:
 
-1. **Service Client Interfaces** (Primary for synchronous calls):
+1. **API Gateway** (Entry Point):
+   - All external traffic enters through API Gateway
+   - Gateway routes requests to backend services via service discovery
+   - Gateway handles authentication (JWT validation via Auth Service)
+   - Gateway handles rate limiting, CORS, request transformation
+
+2. **Service Client Interfaces** (Primary for synchronous calls):
    - Define interfaces in `pkg/services/` for all services
    - All implementations are network-based:
      - `internal/services/grpc/client/` - gRPC clients (primary)
      - `internal/services/http/client/` - HTTP clients (fallback)
+   - Gateway uses service clients to communicate with backend services
+   - Services use service clients for inter-service communication
 
-2. **Event Bus** (Primary for asynchronous communication):
+3. **Event Bus** (Primary for asynchronous communication):
    - Distributed via Kafka
    - Preferred for cross-service communication
    - Event-driven architecture for loose coupling
 
-3. **Shared Infrastructure** (For state):
+4. **Shared Infrastructure** (For state):
    - Redis for cache and distributed state
-   - PostgreSQL for persistent data
+   - PostgreSQL instance for persistent data (each service has its own schema)
    - Kafka for events
 
 ## Service Client Pattern
@@ -47,8 +55,21 @@ type httpIdentityClient struct {
 }
 ```
 
+## Communication Flow
+
+```
+Client → API Gateway → Backend Service (via service client)
+Backend Service → Other Service (via service client)
+```
+
+All communication goes through service clients - no direct in-process calls even in development mode.
+
 ## Development Mode
-For local development, multiple services can run in the same process, but they still communicate via service clients (gRPC or HTTP) - no direct in-process calls. This ensures the architecture is consistent.
+For local development, services run in the same repository but as separate processes:
+- Each service has its own entry point (`cmd/{service}/`)
+- Services communicate via service clients (gRPC or HTTP) - no direct in-process calls
+- Docker Compose orchestrates all services
+- This ensures the architecture is consistent with production
 
 ## Consequences