feat: add password support for local user creation and per-user login

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/UserAdminController.java

@@ -23,6 +23,8 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
@@ -38,6 +40,8 @@ import java.util.UUID;
 @PreAuthorize("hasRole('ADMIN')")
 public class UserAdminController {
 
+    private static final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
     private final RbacService rbacService;
     private final UserRepository userRepository;
     private final AuditService auditService;
@@ -79,6 +83,9 @@ public class UserAdminController {
                 request.displayName() != null ? request.displayName() : request.username(),
                 Instant.now());
         userRepository.upsert(user);
+        if (request.password() != null && !request.password().isBlank()) {
+            userRepository.setPassword(userId, passwordEncoder.encode(request.password()));
+        }
         rbacService.assignRoleToUser(userId, SystemRole.VIEWER_ID);
         auditService.log("create_user", AuditCategory.USER_MGMT, userId,
                 Map.of("username", request.username()), AuditResult.SUCCESS, httpRequest);
@@ -165,6 +172,6 @@ public class UserAdminController {
         return ResponseEntity.noContent().build();
     }
 
-    public record CreateUserRequest(String username, String displayName, String email) {}
+    public record CreateUserRequest(String username, String displayName, String email, String password) {}
     public record UpdateUserRequest(String displayName, String email) {}
 }