feat: add Logto Management API client for org provisioning

Creates Logto organizations when tenants are created. Authenticates
via M2M client credentials. Gracefully skips when Logto is not
configured (dev/test mode).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/test/java/net/siegeln/cameleer/saas/tenant/TenantServiceTest.java

@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.tenant;
 
 import net.siegeln.cameleer.saas.audit.AuditAction;
 import net.siegeln.cameleer.saas.audit.AuditService;
+import net.siegeln.cameleer.saas.identity.LogtoManagementClient;
 import net.siegeln.cameleer.saas.tenant.dto.CreateTenantRequest;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -28,11 +29,14 @@ class TenantServiceTest {
     @Mock
     private AuditService auditService;
 
+    @Mock
+    private LogtoManagementClient logtoClient;
+
     private TenantService tenantService;
 
     @BeforeEach
     void setUp() {
-        tenantService = new TenantService(tenantRepository, auditService);
+        tenantService = new TenantService(tenantRepository, auditService, logtoClient);
     }
 
     @Test