feat: basic jwt auth

[brendan-myers]

No description provided.

[Copilot]

Pull Request Overview

This PR introduces basic JWT authentication support alongside the existing SPIFFE flow.

• Adds github.com/golang-jwt/jwt/v4 and github.com/MicahParks/keyfunc dependencies.
• Refactors cmd/main.go to use a pluggable Authenticator interface for SPIFFE and JWT.
• Implements JwtAuthenticator with comprehensive unit tests and removes the deprecated Refresh method from the interface and SPIFFE implementation.

Reviewed Changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
go.mod	Added JWT and keyfunc dependencies; moved otel/sdk to indirect.
config.yaml.sample	Added commented JWT authentication example next to SPIFFE.
cmd/main.go	Refactored auth initialization to select and initialize providers dynamically.
auth/spiffe.go	Removed the unused Refresh method from SPIFFE authenticator.
auth/spiffe_test.go	Removed the Refresh test for SPIFFE authenticator.
auth/manager_test.go	Removed Refresh stub from MockAuthenticator.
auth/jwt.go	Added JwtAuthenticator implementation.
auth/jwt_test.go	Added extensive tests for JwtAuthenticator.
auth/authenticator.go	Dropped Refresh from the Authenticator interface.
auth/authenticator_test.go	Updated interface compliance tests to exclude Refresh.

Comments suppressed due to low confidence (1)

auth/jwt.go:14

• Field JwksUrl uses mixed-case acronym. Go naming conventions recommend uppercase acronyms (e.g., JWKSURL), so consider renaming to JWKSURL for consistency.

	JwksUrl   string   `yaml:"jwks-url"`