feat(auth): backport multi-issuer JWT validation to v2 go-libs

[sylr]

Summary

• Backports multi-issuer JWT validation from go-libs v3 (commit 33a9429) to the in-repo libs/go-libs/auth/ package
• Replaces the single-issuer model (with hardcoded http://auth:8080/keys endpoint hack) with proper OIDC discovery per issuer
• Adds --auth-issuers CLI flag (StringSlice) alongside the existing --auth-issuer for backward compatibility
• Zero changes to component code — only libs/go-libs/auth/ files are modified

Test plan

• cd libs/go-libs && go build ./auth/... — compiles
• cd components/payments && go build ./... — compiles
• cd components/ledger && go build ./... — compiles
• cd ee/webhooks && go build ./... — compiles
• cd ee/wallets && go build ./... — compiles
• cd ee/reconciliation && go build ./... — compiles
• Deploy with --auth-issuers=<issuer1>,<issuer2> and verify tokens from both issuers are accepted
• Deploy with only --auth-issuer=<issuer> (deprecated) and verify backward compatibility

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/v2.0+multi-issuers

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}