Feat/auth refresh #11

Open

REM-moe wants to merge 9 commits into dev from feat/auth-refresh
Conversation


@REM-moe REM-moe commented Feb 22, 2026

Description

This pull request completes the Phase 3 Authentication requirements by addressing several outstanding items of technical debt and completely modernizing the project's developer setup experience.

Summary of changes:

  • Developer Automation: Replaced broken linter references by implementing make setup, a command that automatically downloads and installs $GOPATH/bin Go libraries (swag, goose, pkgsite, gomarkdoc, and golangci-lint v1.64). Updated the README.md to reflect this prerequisite step.
  • Refresh Token Storage: Created a new database schema migration to cryptographically hash and store refresh_tokens, securely tying long-lived sessions to user_id inside the database upon login.
  • Migration Sequencing: Addressed the incorrectly timestamped 2024 initial migration SQL files by utilizing goose fix to format them into a proper sequential rollout (00001, 00002, 00003).
  • Authorization Middlewares: Created AuthMiddleware to parse and validate Bearer JSON Web Tokens and insert the user claims into the HTTP Context securely. Created a RequirePermission(resource.action) middleware which queries the JSONB permission matrix attached to the requested staff member, preventing unauthorized access to protected endpoints.
  • CORS Config: Replaced the permissive wildcard * with a dynamic AllowedOrigins variable populated by the new CORS_ALLOWED_ORIGINS .env string.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

  • Auth Token Unit Tests: Developed a suite in internal/middleware/auth_test.go verifying valid Token claims extraction natively against malicious signatures, corrupt formatting, and missing headers.
  • Make Pipeline Tests: Successfully evaluated the developer pipeline (make setup -> make migrate-up -> make test -> make lint -> make build) locally across Docker on macOS to certify system-level environment robustness and Go 1.23+ backwards compatibility.

Performance (Optional)

Not currently benchmarked via make benchmark, although cryptographic hashing additions naturally increase latency slightly during login.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes (make test)
  • Any dependent changes have been merged and published in downstream modules
  • I have run make lint and fixed any issues
  • I have run make migrate-up (if applicable) and verified database changes
  • I have run make swagger (if applicable) and updated API docs
  • My commit messages follow Conventional Commits
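Worked example, added here and not code from this PR or its repository: a Go sketch of two of the items in the description above, storing refresh tokens as hashes tied to a user_id, and a RequirePermission-style check of a "resource.action" string against a JSON permission matrix. The in-memory store standing in for the refresh_tokens table, the matrix shape `{"resource": ["action", ...]}`, the rotate-on-redeem behaviour and every function name below are assumptions, not the project's schema or API.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// Errors returned by Redeem. A handler should map all three to the same
// 401 response so a caller cannot distinguish unknown from revoked tokens.
var (
	ErrUnknownToken = errors.New("refresh token not recognised")
	ErrTokenExpired = errors.New("refresh token expired")
	ErrTokenRevoked = errors.New("refresh token revoked")
)

// refreshRecord mirrors the columns a hashed refresh_tokens row needs.
type refreshRecord struct {
	UserID    int64
	ExpiresAt time.Time
	Revoked   bool
}

// RefreshStore is an in-memory stand-in (assumption) for the database table.
// Keys are the hex SHA-256 of the token, never the token itself, so a leaked
// table dump does not hand out usable session credentials.
type RefreshStore struct {
	mu     sync.Mutex
	byHash map[string]refreshRecord
	Now    func() time.Time // injectable clock for tests
}

func NewRefreshStore() *RefreshStore {
	return &RefreshStore{byHash: make(map[string]refreshRecord), Now: time.Now}
}

// HashToken derives the storage key. The client-held value is 256 bits of
// CSPRNG output, so a plain SHA-256 (no salt, no slow KDF) suffices: there is
// no low-entropy input for an offline guesser to enumerate.
func HashToken(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	return hex.EncodeToString(sum[:])
}

// issueLocked mints a token for userID; the caller must hold s.mu.
func (s *RefreshStore) issueLocked(userID int64, ttl time.Duration) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("generating refresh token: %w", err)
	}
	raw := base64.RawURLEncoding.EncodeToString(buf)
	s.byHash[HashToken(raw)] = refreshRecord{UserID: userID, ExpiresAt: s.Now().Add(ttl)}
	return raw, nil
}

// Issue stores only the hash and expiry and returns the raw token, which is
// sent to the client exactly once and never persisted server-side.
func (s *RefreshStore) Issue(userID int64, ttl time.Duration) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.issueLocked(userID, ttl)
}

// Redeem validates a presented token and, if it is live, revokes it and issues
// a replacement in the same critical section (rotation is an assumption beyond
// what the PR describes). It returns the owning user_id and the new raw token.
func (s *RefreshStore) Redeem(raw string, ttl time.Duration) (int64, string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	key := HashToken(raw)
	rec, ok := s.byHash[key]
	switch {
	case !ok:
		return 0, "", ErrUnknownToken
	case rec.Revoked:
		return 0, "", ErrTokenRevoked
	case !s.Now().Before(rec.ExpiresAt):
		return 0, "", ErrTokenExpired
	}
	rec.Revoked = true
	s.byHash[key] = rec
	next, err := s.issueLocked(rec.UserID, ttl)
	if err != nil {
		return 0, "", err
	}
	return rec.UserID, next, nil
}

// HasPermission evaluates a "resource.action" string against a JSONB-style
// permission matrix. The matrix shape {"resource": ["action", ...]} is an
// assumption; the PR does not document the real column layout.
func HasPermission(matrixJSON []byte, perm string) (bool, error) {
	resource, action, ok := strings.Cut(perm, ".")
	if !ok || resource == "" || action == "" {
		return false, fmt.Errorf("malformed permission %q", perm)
	}
	var matrix map[string][]string
	if err := json.Unmarshal(matrixJSON, &matrix); err != nil {
		return false, fmt.Errorf("decoding permission matrix: %w", err)
	}
	for _, a := range matrix[resource] {
		if a == action {
			return true, nil
		}
	}
	return false, nil
}
```

Redeem deliberately collapses every failure into one of three errors and rotates on success, so a token that is replayed after rotation is detected as revoked rather than silently accepted; a handler would then revoke the whole session family for that user_id.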

@REM-moe REM-moe self-assigned this Feb 22, 2026
@REM-moe REM-moe added enhancement New feature or request api labels Feb 22, 2026
Contributor Author

REM-moe commented Feb 24, 2026

@joshua-sajeev @NavaneethMv

Can you guys check this out

Marks Phase 3 auth as complete and inserts a new Phase 4 for Stripe Integration and SaaS Onboarding.