@jhrozek jhrozek commented Nov 24, 2025

Add AuthConfig and OAuthProviderConfig to support multi-provider OAuth authentication. The configuration supports:

  • Two modes: anonymous (default) and oauth
  • Multiple OAuth providers for K8s service accounts and external IDPs
  • File-based client secrets with secure path validation
  • IssuerURL validation with HTTPS enforcement
  • Required audience claim per RFC 6749

Set THV_REGISTRY_INSECURE_URL=true to allow HTTP issuers for development.

@codecov-commenter

Codecov Report

❌ Patch coverage is 83.05085% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.69%. Comparing base (5e28c13) to head (5401591).

Files with missing lines | Patch % | Lines
internal/config/config.go | 83.05% | 6 Missing and 4 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #171      +/-   ##
==========================================
+ Coverage   67.26%   67.69%   +0.43%     
==========================================
  Files          53       53              
  Lines        3009     3068      +59     
==========================================
+ Hits         2024     2077      +53     
- Misses        853      857       +4     
- Partials      132      134       +2     


@rdimitrov rdimitrov left a comment

LGTM! 🚀

jhrozek commented Nov 24, 2025

fwiw, this is what my local config looks like:

auth:
  mode: oauth
  oauth:
    resourceUrl: http://localhost:8080
    realm: mcp-registry
    providers:
      - name: okta
        issuerUrl: https://integrator-3683736.okta.com/oauth2/ausw8f1ut6X0WMjZN697
        audience: registry
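
One way the validation rules listed in the PR description could be enforced on a config shaped like the one above. This is an added example, not the code merged in this PR: the type and function names are hypothetical, the sample provider in `main` is constructed, and the unique-name and no-userinfo/fragment checks are assumptions beyond what the description lists.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
)

// Hypothetical types mirroring the YAML keys above (not the project's structs).
type Provider struct{ Name, IssuerURL, Audience string }
type Auth struct {
	Mode      string // "", "anonymous" (default) or "oauth"
	Providers []Provider
}

// ValidateAuth applies the rules from the PR description. allowHTTP models
// THV_REGISTRY_INSECURE_URL=true and is meant for development only.
func ValidateAuth(a Auth, allowHTTP bool) error {
	if a.Mode == "" || a.Mode == "anonymous" {
		return nil
	}
	if a.Mode != "oauth" || len(a.Providers) == 0 {
		return fmt.Errorf("auth: mode %q needs to be anonymous, or oauth with providers", a.Mode)
	}
	seen := map[string]bool{}
	for _, p := range a.Providers {
		if p.Name == "" || seen[p.Name] { // assumption: names identify providers
			return fmt.Errorf("provider name %q is empty or duplicated", p.Name)
		}
		seen[p.Name] = true
		u, err := url.Parse(p.IssuerURL)
		if err != nil || u.Host == "" || u.User != nil || u.Fragment != "" {
			return fmt.Errorf("%s: issuerUrl must be absolute, without userinfo or fragment", p.Name)
		}
		if u.Scheme != "https" && !(allowHTTP && u.Scheme == "http") {
			return fmt.Errorf("%s: issuerUrl must use https", p.Name)
		}
		if p.Audience == "" {
			return fmt.Errorf("%s: audience is required", p.Name)
		}
	}
	return nil
}

func main() {
	allowHTTP := os.Getenv("THV_REGISTRY_INSECURE_URL") == "true"
	dev := Auth{Mode: "oauth", Providers: []Provider{{"dev", "http://localhost:8080", "registry"}}} // constructed
	fmt.Println(ValidateAuth(dev, allowHTTP)) // rejected unless the override is set
}
```

Keeping the HTTP override as an explicit argument makes the insecure path visible at the call site and lets tests cover both settings without touching the process environment.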

@jhrozek jhrozek enabled auto-merge (squash) November 24, 2025 12:48
@jhrozek jhrozek merged commit d7ee9fd into main Nov 24, 2025
19 checks passed
@jhrozek jhrozek deleted the auth-config branch November 24, 2025 12:48