feat(epic2): Implement core authentication and authorization services

- Implement Audit Service (2.5)
  - gRPC server with Record and Query operations
  - Database persistence with audit schema
  - Service registry integration
  - Entry point: cmd/audit-service

- Implement Identity Service (2.2)
  - User CRUD operations
  - Password hashing with argon2id
  - Email verification and password reset flows
  - Entry point: cmd/identity-service
  - Fix package naming conflicts in user_service.go

- Implement Auth Service (2.1)
  - JWT token generation and validation
  - Login, RefreshToken, ValidateToken, Logout RPCs
  - Integration with Identity Service
  - Entry point: cmd/auth-service
  - Note: RefreshToken entity needs Ent generation

- Implement Authz Service (2.3, 2.4)
  - Permission checking and authorization
  - User roles and permissions retrieval
  - RBAC-based authorization
  - Entry point: cmd/authz-service

- Implement gRPC clients for all services
  - Auth, Identity, Authz, and Audit clients
  - Service discovery integration
  - Full gRPC communication

- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass

internal/ent/auditlog_update.go

@@ -27,16 +27,16 @@ func (_u *AuditLogUpdate) Where(ps ...predicate.AuditLog) *AuditLogUpdate {
 	return _u
 }
 
-// SetActorID sets the "actor_id" field.
-func (_u *AuditLogUpdate) SetActorID(v string) *AuditLogUpdate {
-	_u.mutation.SetActorID(v)
+// SetUserID sets the "user_id" field.
+func (_u *AuditLogUpdate) SetUserID(v string) *AuditLogUpdate {
+	_u.mutation.SetUserID(v)
 	return _u
 }
 
-// SetNillableActorID sets the "actor_id" field if the given value is not nil.
-func (_u *AuditLogUpdate) SetNillableActorID(v *string) *AuditLogUpdate {
+// SetNillableUserID sets the "user_id" field if the given value is not nil.
+func (_u *AuditLogUpdate) SetNillableUserID(v *string) *AuditLogUpdate {
 	if v != nil {
-		_u.SetActorID(*v)
+		_u.SetUserID(*v)
 	}
 	return _u
 }
@@ -55,23 +55,83 @@ func (_u *AuditLogUpdate) SetNillableAction(v *string) *AuditLogUpdate {
 	return _u
 }
 
-// SetTargetID sets the "target_id" field.
-func (_u *AuditLogUpdate) SetTargetID(v string) *AuditLogUpdate {
-	_u.mutation.SetTargetID(v)
+// SetResource sets the "resource" field.
+func (_u *AuditLogUpdate) SetResource(v string) *AuditLogUpdate {
+	_u.mutation.SetResource(v)
 	return _u
 }
 
-// SetNillableTargetID sets the "target_id" field if the given value is not nil.
-func (_u *AuditLogUpdate) SetNillableTargetID(v *string) *AuditLogUpdate {
+// SetNillableResource sets the "resource" field if the given value is not nil.
+func (_u *AuditLogUpdate) SetNillableResource(v *string) *AuditLogUpdate {
 	if v != nil {
-		_u.SetTargetID(*v)
+		_u.SetResource(*v)
 	}
 	return _u
 }
 
-// ClearTargetID clears the value of the "target_id" field.
-func (_u *AuditLogUpdate) ClearTargetID() *AuditLogUpdate {
-	_u.mutation.ClearTargetID()
+// ClearResource clears the value of the "resource" field.
+func (_u *AuditLogUpdate) ClearResource() *AuditLogUpdate {
+	_u.mutation.ClearResource()
+	return _u
+}
+
+// SetResourceID sets the "resource_id" field.
+func (_u *AuditLogUpdate) SetResourceID(v string) *AuditLogUpdate {
+	_u.mutation.SetResourceID(v)
+	return _u
+}
+
+// SetNillableResourceID sets the "resource_id" field if the given value is not nil.
+func (_u *AuditLogUpdate) SetNillableResourceID(v *string) *AuditLogUpdate {
+	if v != nil {
+		_u.SetResourceID(*v)
+	}
+	return _u
+}
+
+// ClearResourceID clears the value of the "resource_id" field.
+func (_u *AuditLogUpdate) ClearResourceID() *AuditLogUpdate {
+	_u.mutation.ClearResourceID()
+	return _u
+}
+
+// SetIPAddress sets the "ip_address" field.
+func (_u *AuditLogUpdate) SetIPAddress(v string) *AuditLogUpdate {
+	_u.mutation.SetIPAddress(v)
+	return _u
+}
+
+// SetNillableIPAddress sets the "ip_address" field if the given value is not nil.
+func (_u *AuditLogUpdate) SetNillableIPAddress(v *string) *AuditLogUpdate {
+	if v != nil {
+		_u.SetIPAddress(*v)
+	}
+	return _u
+}
+
+// ClearIPAddress clears the value of the "ip_address" field.
+func (_u *AuditLogUpdate) ClearIPAddress() *AuditLogUpdate {
+	_u.mutation.ClearIPAddress()
+	return _u
+}
+
+// SetUserAgent sets the "user_agent" field.
+func (_u *AuditLogUpdate) SetUserAgent(v string) *AuditLogUpdate {
+	_u.mutation.SetUserAgent(v)
+	return _u
+}
+
+// SetNillableUserAgent sets the "user_agent" field if the given value is not nil.
+func (_u *AuditLogUpdate) SetNillableUserAgent(v *string) *AuditLogUpdate {
+	if v != nil {
+		_u.SetUserAgent(*v)
+	}
+	return _u
+}
+
+// ClearUserAgent clears the value of the "user_agent" field.
+func (_u *AuditLogUpdate) ClearUserAgent() *AuditLogUpdate {
+	_u.mutation.ClearUserAgent()
 	return _u
 }
 
@@ -121,9 +181,9 @@ func (_u *AuditLogUpdate) ExecX(ctx context.Context) {
 
 // check runs all checks and user-defined validators on the builder.
 func (_u *AuditLogUpdate) check() error {
-	if v, ok := _u.mutation.ActorID(); ok {
-		if err := auditlog.ActorIDValidator(v); err != nil {
-			return &ValidationError{Name: "actor_id", err: fmt.Errorf(`ent: validator failed for field "AuditLog.actor_id": %w`, err)}
+	if v, ok := _u.mutation.UserID(); ok {
+		if err := auditlog.UserIDValidator(v); err != nil {
+			return &ValidationError{Name: "user_id", err: fmt.Errorf(`ent: validator failed for field "AuditLog.user_id": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Action(); ok {
@@ -146,17 +206,35 @@ func (_u *AuditLogUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 			}
 		}
 	}
-	if value, ok := _u.mutation.ActorID(); ok {
-		_spec.SetField(auditlog.FieldActorID, field.TypeString, value)
+	if value, ok := _u.mutation.UserID(); ok {
+		_spec.SetField(auditlog.FieldUserID, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Action(); ok {
 		_spec.SetField(auditlog.FieldAction, field.TypeString, value)
 	}
-	if value, ok := _u.mutation.TargetID(); ok {
-		_spec.SetField(auditlog.FieldTargetID, field.TypeString, value)
+	if value, ok := _u.mutation.Resource(); ok {
+		_spec.SetField(auditlog.FieldResource, field.TypeString, value)
 	}
-	if _u.mutation.TargetIDCleared() {
-		_spec.ClearField(auditlog.FieldTargetID, field.TypeString)
+	if _u.mutation.ResourceCleared() {
+		_spec.ClearField(auditlog.FieldResource, field.TypeString)
+	}
+	if value, ok := _u.mutation.ResourceID(); ok {
+		_spec.SetField(auditlog.FieldResourceID, field.TypeString, value)
+	}
+	if _u.mutation.ResourceIDCleared() {
+		_spec.ClearField(auditlog.FieldResourceID, field.TypeString)
+	}
+	if value, ok := _u.mutation.IPAddress(); ok {
+		_spec.SetField(auditlog.FieldIPAddress, field.TypeString, value)
+	}
+	if _u.mutation.IPAddressCleared() {
+		_spec.ClearField(auditlog.FieldIPAddress, field.TypeString)
+	}
+	if value, ok := _u.mutation.UserAgent(); ok {
+		_spec.SetField(auditlog.FieldUserAgent, field.TypeString, value)
+	}
+	if _u.mutation.UserAgentCleared() {
+		_spec.ClearField(auditlog.FieldUserAgent, field.TypeString)
 	}
 	if value, ok := _u.mutation.Metadata(); ok {
 		_spec.SetField(auditlog.FieldMetadata, field.TypeJSON, value)
@@ -184,16 +262,16 @@ type AuditLogUpdateOne struct {
 	mutation *AuditLogMutation
 }
 
-// SetActorID sets the "actor_id" field.
-func (_u *AuditLogUpdateOne) SetActorID(v string) *AuditLogUpdateOne {
-	_u.mutation.SetActorID(v)
+// SetUserID sets the "user_id" field.
+func (_u *AuditLogUpdateOne) SetUserID(v string) *AuditLogUpdateOne {
+	_u.mutation.SetUserID(v)
 	return _u
 }
 
-// SetNillableActorID sets the "actor_id" field if the given value is not nil.
-func (_u *AuditLogUpdateOne) SetNillableActorID(v *string) *AuditLogUpdateOne {
+// SetNillableUserID sets the "user_id" field if the given value is not nil.
+func (_u *AuditLogUpdateOne) SetNillableUserID(v *string) *AuditLogUpdateOne {
 	if v != nil {
-		_u.SetActorID(*v)
+		_u.SetUserID(*v)
 	}
 	return _u
 }
@@ -212,23 +290,83 @@ func (_u *AuditLogUpdateOne) SetNillableAction(v *string) *AuditLogUpdateOne {
 	return _u
 }
 
-// SetTargetID sets the "target_id" field.
-func (_u *AuditLogUpdateOne) SetTargetID(v string) *AuditLogUpdateOne {
-	_u.mutation.SetTargetID(v)
+// SetResource sets the "resource" field.
+func (_u *AuditLogUpdateOne) SetResource(v string) *AuditLogUpdateOne {
+	_u.mutation.SetResource(v)
 	return _u
 }
 
-// SetNillableTargetID sets the "target_id" field if the given value is not nil.
-func (_u *AuditLogUpdateOne) SetNillableTargetID(v *string) *AuditLogUpdateOne {
+// SetNillableResource sets the "resource" field if the given value is not nil.
+func (_u *AuditLogUpdateOne) SetNillableResource(v *string) *AuditLogUpdateOne {
 	if v != nil {
-		_u.SetTargetID(*v)
+		_u.SetResource(*v)
 	}
 	return _u
 }
 
-// ClearTargetID clears the value of the "target_id" field.
-func (_u *AuditLogUpdateOne) ClearTargetID() *AuditLogUpdateOne {
-	_u.mutation.ClearTargetID()
+// ClearResource clears the value of the "resource" field.
+func (_u *AuditLogUpdateOne) ClearResource() *AuditLogUpdateOne {
+	_u.mutation.ClearResource()
+	return _u
+}
+
+// SetResourceID sets the "resource_id" field.
+func (_u *AuditLogUpdateOne) SetResourceID(v string) *AuditLogUpdateOne {
+	_u.mutation.SetResourceID(v)
+	return _u
+}
+
+// SetNillableResourceID sets the "resource_id" field if the given value is not nil.
+func (_u *AuditLogUpdateOne) SetNillableResourceID(v *string) *AuditLogUpdateOne {
+	if v != nil {
+		_u.SetResourceID(*v)
+	}
+	return _u
+}
+
+// ClearResourceID clears the value of the "resource_id" field.
+func (_u *AuditLogUpdateOne) ClearResourceID() *AuditLogUpdateOne {
+	_u.mutation.ClearResourceID()
+	return _u
+}
+
+// SetIPAddress sets the "ip_address" field.
+func (_u *AuditLogUpdateOne) SetIPAddress(v string) *AuditLogUpdateOne {
+	_u.mutation.SetIPAddress(v)
+	return _u
+}
+
+// SetNillableIPAddress sets the "ip_address" field if the given value is not nil.
+func (_u *AuditLogUpdateOne) SetNillableIPAddress(v *string) *AuditLogUpdateOne {
+	if v != nil {
+		_u.SetIPAddress(*v)
+	}
+	return _u
+}
+
+// ClearIPAddress clears the value of the "ip_address" field.
+func (_u *AuditLogUpdateOne) ClearIPAddress() *AuditLogUpdateOne {
+	_u.mutation.ClearIPAddress()
+	return _u
+}
+
+// SetUserAgent sets the "user_agent" field.
+func (_u *AuditLogUpdateOne) SetUserAgent(v string) *AuditLogUpdateOne {
+	_u.mutation.SetUserAgent(v)
+	return _u
+}
+
+// SetNillableUserAgent sets the "user_agent" field if the given value is not nil.
+func (_u *AuditLogUpdateOne) SetNillableUserAgent(v *string) *AuditLogUpdateOne {
+	if v != nil {
+		_u.SetUserAgent(*v)
+	}
+	return _u
+}
+
+// ClearUserAgent clears the value of the "user_agent" field.
+func (_u *AuditLogUpdateOne) ClearUserAgent() *AuditLogUpdateOne {
+	_u.mutation.ClearUserAgent()
 	return _u
 }
 
@@ -291,9 +429,9 @@ func (_u *AuditLogUpdateOne) ExecX(ctx context.Context) {
 
 // check runs all checks and user-defined validators on the builder.
 func (_u *AuditLogUpdateOne) check() error {
-	if v, ok := _u.mutation.ActorID(); ok {
-		if err := auditlog.ActorIDValidator(v); err != nil {
-			return &ValidationError{Name: "actor_id", err: fmt.Errorf(`ent: validator failed for field "AuditLog.actor_id": %w`, err)}
+	if v, ok := _u.mutation.UserID(); ok {
+		if err := auditlog.UserIDValidator(v); err != nil {
+			return &ValidationError{Name: "user_id", err: fmt.Errorf(`ent: validator failed for field "AuditLog.user_id": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Action(); ok {
@@ -333,17 +471,35 @@ func (_u *AuditLogUpdateOne) sqlSave(ctx context.Context) (_node *AuditLog, err
 			}
 		}
 	}
-	if value, ok := _u.mutation.ActorID(); ok {
-		_spec.SetField(auditlog.FieldActorID, field.TypeString, value)
+	if value, ok := _u.mutation.UserID(); ok {
+		_spec.SetField(auditlog.FieldUserID, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Action(); ok {
 		_spec.SetField(auditlog.FieldAction, field.TypeString, value)
 	}
-	if value, ok := _u.mutation.TargetID(); ok {
-		_spec.SetField(auditlog.FieldTargetID, field.TypeString, value)
+	if value, ok := _u.mutation.Resource(); ok {
+		_spec.SetField(auditlog.FieldResource, field.TypeString, value)
 	}
-	if _u.mutation.TargetIDCleared() {
-		_spec.ClearField(auditlog.FieldTargetID, field.TypeString)
+	if _u.mutation.ResourceCleared() {
+		_spec.ClearField(auditlog.FieldResource, field.TypeString)
+	}
+	if value, ok := _u.mutation.ResourceID(); ok {
+		_spec.SetField(auditlog.FieldResourceID, field.TypeString, value)
+	}
+	if _u.mutation.ResourceIDCleared() {
+		_spec.ClearField(auditlog.FieldResourceID, field.TypeString)
+	}
+	if value, ok := _u.mutation.IPAddress(); ok {
+		_spec.SetField(auditlog.FieldIPAddress, field.TypeString, value)
+	}
+	if _u.mutation.IPAddressCleared() {
+		_spec.ClearField(auditlog.FieldIPAddress, field.TypeString)
+	}
+	if value, ok := _u.mutation.UserAgent(); ok {
+		_spec.SetField(auditlog.FieldUserAgent, field.TypeString, value)
+	}
+	if _u.mutation.UserAgentCleared() {
+		_spec.ClearField(auditlog.FieldUserAgent, field.TypeString)
 	}
 	if value, ok := _u.mutation.Metadata(); ok {
 		_spec.SetField(auditlog.FieldMetadata, field.TypeJSON, value)