feat(02-01): implement deps/auth.py FastAPI dependency chain with tests
- get_current_user: validates Bearer JWT via decode_access_token, loads User from DB
raises HTTP 401 on invalid/expired token, missing user, or deactivated account
- get_current_admin: wraps get_current_user, raises HTTP 403 on role != 'admin' (T-02-07)
- Admin impersonation architecturally excluded (ADMIN-07, T-02-08) — no code path bypasses role check
- tests/test_auth_deps.py: 7 tests covering happy path, tampered token, inactive user, 403 non-admin, 200 admin
curo1305
c4613b6b87