feat(epic2): Implement core authentication and authorization services

- Implement Audit Service (2.5)
  - gRPC server with Record and Query operations
  - Database persistence with audit schema
  - Service registry integration
  - Entry point: cmd/audit-service

- Implement Identity Service (2.2)
  - User CRUD operations
  - Password hashing with argon2id
  - Email verification and password reset flows
  - Entry point: cmd/identity-service
  - Fix package naming conflicts in user_service.go

- Implement Auth Service (2.1)
  - JWT token generation and validation
  - Login, RefreshToken, ValidateToken, Logout RPCs
  - Integration with Identity Service
  - Entry point: cmd/auth-service
  - Note: RefreshToken entity needs Ent generation

- Implement Authz Service (2.3, 2.4)
  - Permission checking and authorization
  - User roles and permissions retrieval
  - RBAC-based authorization
  - Entry point: cmd/authz-service

- Implement gRPC clients for all services
  - Auth, Identity, Authz, and Audit clients
  - Service discovery integration
  - Full gRPC communication

- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass

internal/ent/user_create.go

@@ -27,6 +27,48 @@ func (_c *UserCreate) SetEmail(v string) *UserCreate {
 	return _c
 }
 
+// SetUsername sets the "username" field.
+func (_c *UserCreate) SetUsername(v string) *UserCreate {
+	_c.mutation.SetUsername(v)
+	return _c
+}
+
+// SetNillableUsername sets the "username" field if the given value is not nil.
+func (_c *UserCreate) SetNillableUsername(v *string) *UserCreate {
+	if v != nil {
+		_c.SetUsername(*v)
+	}
+	return _c
+}
+
+// SetFirstName sets the "first_name" field.
+func (_c *UserCreate) SetFirstName(v string) *UserCreate {
+	_c.mutation.SetFirstName(v)
+	return _c
+}
+
+// SetNillableFirstName sets the "first_name" field if the given value is not nil.
+func (_c *UserCreate) SetNillableFirstName(v *string) *UserCreate {
+	if v != nil {
+		_c.SetFirstName(*v)
+	}
+	return _c
+}
+
+// SetLastName sets the "last_name" field.
+func (_c *UserCreate) SetLastName(v string) *UserCreate {
+	_c.mutation.SetLastName(v)
+	return _c
+}
+
+// SetNillableLastName sets the "last_name" field if the given value is not nil.
+func (_c *UserCreate) SetNillableLastName(v *string) *UserCreate {
+	if v != nil {
+		_c.SetLastName(*v)
+	}
+	return _c
+}
+
 // SetPasswordHash sets the "password_hash" field.
 func (_c *UserCreate) SetPasswordHash(v string) *UserCreate {
 	_c.mutation.SetPasswordHash(v)
@@ -47,6 +89,48 @@ func (_c *UserCreate) SetNillableVerified(v *bool) *UserCreate {
 	return _c
 }
 
+// SetEmailVerificationToken sets the "email_verification_token" field.
+func (_c *UserCreate) SetEmailVerificationToken(v string) *UserCreate {
+	_c.mutation.SetEmailVerificationToken(v)
+	return _c
+}
+
+// SetNillableEmailVerificationToken sets the "email_verification_token" field if the given value is not nil.
+func (_c *UserCreate) SetNillableEmailVerificationToken(v *string) *UserCreate {
+	if v != nil {
+		_c.SetEmailVerificationToken(*v)
+	}
+	return _c
+}
+
+// SetPasswordResetToken sets the "password_reset_token" field.
+func (_c *UserCreate) SetPasswordResetToken(v string) *UserCreate {
+	_c.mutation.SetPasswordResetToken(v)
+	return _c
+}
+
+// SetNillablePasswordResetToken sets the "password_reset_token" field if the given value is not nil.
+func (_c *UserCreate) SetNillablePasswordResetToken(v *string) *UserCreate {
+	if v != nil {
+		_c.SetPasswordResetToken(*v)
+	}
+	return _c
+}
+
+// SetPasswordResetExpiresAt sets the "password_reset_expires_at" field.
+func (_c *UserCreate) SetPasswordResetExpiresAt(v time.Time) *UserCreate {
+	_c.mutation.SetPasswordResetExpiresAt(v)
+	return _c
+}
+
+// SetNillablePasswordResetExpiresAt sets the "password_reset_expires_at" field if the given value is not nil.
+func (_c *UserCreate) SetNillablePasswordResetExpiresAt(v *time.Time) *UserCreate {
+	if v != nil {
+		_c.SetPasswordResetExpiresAt(*v)
+	}
+	return _c
+}
+
 // SetCreatedAt sets the "created_at" field.
 func (_c *UserCreate) SetCreatedAt(v time.Time) *UserCreate {
 	_c.mutation.SetCreatedAt(v)
@@ -211,6 +295,18 @@ func (_c *UserCreate) createSpec() (*User, *sqlgraph.CreateSpec) {
 		_spec.SetField(user.FieldEmail, field.TypeString, value)
 		_node.Email = value
 	}
+	if value, ok := _c.mutation.Username(); ok {
+		_spec.SetField(user.FieldUsername, field.TypeString, value)
+		_node.Username = value
+	}
+	if value, ok := _c.mutation.FirstName(); ok {
+		_spec.SetField(user.FieldFirstName, field.TypeString, value)
+		_node.FirstName = value
+	}
+	if value, ok := _c.mutation.LastName(); ok {
+		_spec.SetField(user.FieldLastName, field.TypeString, value)
+		_node.LastName = value
+	}
 	if value, ok := _c.mutation.PasswordHash(); ok {
 		_spec.SetField(user.FieldPasswordHash, field.TypeString, value)
 		_node.PasswordHash = value
@@ -219,6 +315,18 @@ func (_c *UserCreate) createSpec() (*User, *sqlgraph.CreateSpec) {
 		_spec.SetField(user.FieldVerified, field.TypeBool, value)
 		_node.Verified = value
 	}
+	if value, ok := _c.mutation.EmailVerificationToken(); ok {
+		_spec.SetField(user.FieldEmailVerificationToken, field.TypeString, value)
+		_node.EmailVerificationToken = value
+	}
+	if value, ok := _c.mutation.PasswordResetToken(); ok {
+		_spec.SetField(user.FieldPasswordResetToken, field.TypeString, value)
+		_node.PasswordResetToken = value
+	}
+	if value, ok := _c.mutation.PasswordResetExpiresAt(); ok {
+		_spec.SetField(user.FieldPasswordResetExpiresAt, field.TypeTime, value)
+		_node.PasswordResetExpiresAt = value
+	}
 	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(user.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value