feat(auth): add session-based auth service with tests

backend/include/csp/services/auth_service.h

@@ -0,0 +1,30 @@
+#pragma once
+
+#include "csp/db/sqlite_db.h"
+
+#include <optional>
+#include <string>
+
+namespace csp::services {
+
+struct AuthResult {
+  int user_id = 0;
+  std::string token;
+  int64_t expires_at = 0;
+};
+
+class AuthService {
+ public:
+  explicit AuthService(db::SqliteDb& db) : db_(db) {}
+
+  // Throws on error; for controller we will catch and convert to JSON.
+  AuthResult Register(const std::string& username, const std::string& password);
+  AuthResult Login(const std::string& username, const std::string& password);
+
+  std::optional<int> VerifyToken(const std::string& token);
+
+ private:
+  db::SqliteDb& db_;
+};
+
+}  // namespace csp::services

backend/include/csp/services/crypto.h

@@ -0,0 +1,10 @@
+#pragma once
+
+#include <string>
+
+namespace csp::crypto {
+
+std::string RandomHex(size_t bytes);
+std::string Sha256Hex(const std::string& data);
+
+}  // namespace csp::crypto