feat: implement authentication system

- Add auth.rs module with session management
- Implement login/logout/verify API endpoints
- Add authentication middleware
- Protect /api/v2/tree endpoint
- Default demo user (username: demo, password: demo123)
- Token-based auth with 24-hour expiration
- bcrypt password hashing

Cargo.toml

@@ -26,6 +26,8 @@ chrono = { version = "0.4", features = ["serde"] }
 async-trait = "0.1"
 once_cell = "1"
 sha2 = "0.10"
+jsonwebtoken = "9"
+bcrypt = "0.15"
 
 [dev-dependencies]
 axum-test = "14"