feat: add OAuth2 Resource Server for Logto OIDC authentication

Dual auth: machine endpoints use Ed25519 JWT filter, all other API
endpoints use Spring Security OAuth2 Resource Server with Logto OIDC.
Mock JwtDecoder provided for test isolation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/test/java/net/siegeln/cameleer/saas/CameleerSaasApplicationTest.java

@@ -6,7 +6,7 @@ import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 
 @SpringBootTest
-@Import(TestcontainersConfig.class)
+@Import({TestcontainersConfig.class, TestSecurityConfig.class})
 @ActiveProfiles("test")
 class CameleerSaasApplicationTest {
 

src/test/java/net/siegeln/cameleer/saas/TestSecurityConfig.java

@@ -0,0 +1,24 @@
+package net.siegeln.cameleer.saas;
+
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+
+import java.time.Instant;
+import java.util.Map;
+
+@TestConfiguration
+public class TestSecurityConfig {
+
+    @Bean
+    public JwtDecoder jwtDecoder() {
+        return token -> Jwt.withTokenValue(token)
+                .header("alg", "RS256")
+                .claim("sub", "test-user")
+                .claim("iss", "https://test-issuer.example.com/oidc")
+                .issuedAt(Instant.now())
+                .expiresAt(Instant.now().plusSeconds(3600))
+                .build();
+    }
+}

src/test/java/net/siegeln/cameleer/saas/auth/AuthControllerTest.java

@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.auth;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import net.siegeln.cameleer.saas.TestcontainersConfig;
+import net.siegeln.cameleer.saas.TestSecurityConfig;
 import net.siegeln.cameleer.saas.auth.dto.LoginRequest;
 import net.siegeln.cameleer.saas.auth.dto.RegisterRequest;
 import org.junit.jupiter.api.Test;
@@ -20,7 +21,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 
 @SpringBootTest
 @AutoConfigureMockMvc
-@Import(TestcontainersConfig.class)
+@Import({TestcontainersConfig.class, TestSecurityConfig.class})
 @ActiveProfiles("test")
 class AuthControllerTest {
 

src/test/java/net/siegeln/cameleer/saas/license/LicenseControllerTest.java

@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.license;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import net.siegeln.cameleer.saas.TestcontainersConfig;
+import net.siegeln.cameleer.saas.TestSecurityConfig;
 import net.siegeln.cameleer.saas.tenant.dto.CreateTenantRequest;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,7 +20,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 
 @SpringBootTest
 @AutoConfigureMockMvc
-@Import(TestcontainersConfig.class)
+@Import({TestcontainersConfig.class, TestSecurityConfig.class})
 @ActiveProfiles("test")
 class LicenseControllerTest {
 

src/test/java/net/siegeln/cameleer/saas/tenant/TenantControllerTest.java

@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.tenant;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import net.siegeln.cameleer.saas.TestcontainersConfig;
+import net.siegeln.cameleer.saas.TestSecurityConfig;
 import net.siegeln.cameleer.saas.tenant.dto.CreateTenantRequest;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,7 +20,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 
 @SpringBootTest
 @AutoConfigureMockMvc
-@Import(TestcontainersConfig.class)
+@Import({TestcontainersConfig.class, TestSecurityConfig.class})
 @ActiveProfiles("test")
 class TenantControllerTest {