feat(04-01): implement security service foundation

- JwtServiceImpl: HMAC-SHA256 via Nimbus JOSE+JWT with ephemeral 256-bit secret
- Ed25519SigningServiceImpl: JDK 17 KeyPairGenerator with ephemeral keypair
- BootstrapTokenValidator: constant-time comparison with dual-token rotation
- SecurityBeanConfig: bean wiring with fail-fast validation for CAMELEER_AUTH_TOKEN
- SecurityProperties: config binding for token expiry and bootstrap tokens
- TestSecurityConfig: permit-all filter chain to keep existing tests green
- application.yml: security config with env var mapping
- All 18 security unit tests pass, all 71 tests pass in full verify

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

cameleer3-server-app/src/main/resources/application.yml

@@ -32,6 +32,12 @@ ingestion:
 clickhouse:
   ttl-days: 30
 
+security:
+  access-token-expiry-ms: 3600000
+  refresh-token-expiry-ms: 604800000
+  bootstrap-token: ${CAMELEER_AUTH_TOKEN:}
+  bootstrap-token-previous: ${CAMELEER_AUTH_TOKEN_PREVIOUS:}
+
 springdoc:
   api-docs:
     path: /api/v1/api-docs