Add optional authentication for dashboard #37

Merged: mishankov merged 3 commits into main from issue-19-optional-auth on Feb 26, 2026
Conversation

@mishankov
Owner

Summary

Closes #19

This PR adds optional authentication for the /app page and /api/logs endpoint.

Changes

Configuration

  • Added PROXYMINI_AUTH_TOKEN environment variable support in internal/config/config.go
  • When this env var is set, authentication is required for protected routes

Authentication Flow

  1. Login Page (/login): Simple HTML form for entering the auth token
  2. Auth Endpoint (/auth): POST endpoint that validates the token and sets an HttpOnly cookie
  3. Auth Middleware: Protects /app/ and /api/logs routes when PROXYMINI_AUTH_TOKEN is set

Security Features

  • HttpOnly cookie prevents XSS attacks from stealing the auth token
  • SameSite=Strict cookie mitigates CSRF attacks
  • 30-day cookie expiration (configurable via MaxAge)

Testing

  • Build verified: go build succeeds
  • Existing tests pass: go test ./internal/proxy ./internal/requestlog
  • Manual testing recommended:
    1. Run without PROXYMINI_AUTH_TOKEN - should work as before
    2. Run with PROXYMINI_AUTH_TOKEN=secret - should redirect to /login
    3. Enter valid token on login page - should redirect to /app
    4. Enter invalid token - should show error and stay on login

Code Review Summary

Findings:

  • [P2] Missing automated test coverage for auth functionality (documented as residual risk)
  • [P3] No logout endpoint (minor UX enhancement, can be added later)

Security Checklist:

  • AuthN enforced on all protected paths when token is set
  • HttpOnly and SameSite=Strict cookies
  • No secrets logged or exposed
  • Graceful degradation when auth is not configured

- Add PROXYMINI_AUTH_TOKEN config option
- Protect /app/* and /api/logs with auth middleware when token is set
- Add /login page with simple HTML form
- Add /auth endpoint to validate token and set cookie
- Redirect to /login when accessing protected routes without valid auth
@mishankov changed the title from "Fix #19: Add optional authentication for /app page" to "Add optional authentication" on Feb 26, 2026
@mishankov changed the title from "Add optional authentication" to "Add optional authentication for dashboard" on Feb 26, 2026
@mishankov merged commit b1ddd2e into main on Feb 26, 2026
4 checks passed
@mishankov deleted the issue-19-optional-auth branch on February 26, 2026 19:49
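
The flow described in the PR summary, written out as an added Go example; it is not the project's code and not taken from the PR's diff. The cookie name, the `token` form field, the listen address and the choice to store the token itself in the cookie are assumptions, and the constant-time comparison is an addition the PR text does not mention.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"os"
)

const cookieName = "proxymini_auth" // assumed name, not given in the PR

// tokenOK compares in constant time so timing does not reveal how many leading bytes matched.
func tokenOK(got, want string) bool { return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1 }

// requireAuth redirects to /login unless the cookie matches; an empty token disables auth.
func requireAuth(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie(cookieName)
		if token != "" && (err != nil || !tokenOK(c.Value, token)) {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// authHandler serves POST /auth: it validates the submitted token and sets the cookie.
func authHandler(token string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost || token == "" || !tokenOK(r.FormValue("token"), token) {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		http.SetCookie(w, &http.Cookie{Name: cookieName, Value: token, Path: "/",
			HttpOnly: true, SameSite: http.SameSiteStrictMode, MaxAge: 30 * 24 * 3600})
		http.Redirect(w, r, "/app/", http.StatusSeeOther)
	}
}

func newMux(token string) *http.ServeMux {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) })
	mux := http.NewServeMux()
	mux.Handle("/app/", requireAuth(token, ok)) // protected when a token is set
	mux.Handle("/api/logs", requireAuth(token, ok))
	mux.Handle("/login", ok) // stand-in for the HTML login form
	mux.Handle("/auth", authHandler(token))
	return mux
}

func main() { http.ListenAndServe("127.0.0.1:8080", newMux(os.Getenv("PROXYMINI_AUTH_TOKEN"))) }
```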
Development

Successfully merging this pull request may close these issues.

Optional auth for /app page

1 participant