Production-ready SSO, RBAC, and fine-grained API authorization

Integrate support for enterprise SSO (OAuth2, SAML, OpenID Connect) and RBAC. Provide fine-grained API and resource-level authorization policies, admin UI for managing roles/permissions, and best practices for integrating with Identity Providers (Okta, Azure AD, etc.).