Implement Phase 9: client libraries (Go, Rust, Lisp, Python)

- clients/README.md: canonical API surface and error type reference
- clients/testdata/: shared JSON response fixtures
- clients/go/: mciasgoclient package; net/http + TLS 1.2+; sync.RWMutex
  token state; DisallowUnknownFields on all decoders; 25 tests pass
- clients/rust/: async mcias-client crate; reqwest+rustls (no OpenSSL);
  thiserror MciasError enum; Arc<RwLock> token state; 22+1 tests pass;
  cargo clippy -D warnings clean
- clients/lisp/: ASDF mcias-client; dexador HTTP, yason JSON; mcias-error
  condition hierarchy; Hunchentoot mock-dispatcher; 37 fiveam checks pass
  on SBCL 2.6.1; yason boolean normalisation in validate-token
- clients/python/: mcias_client package (Python 3.11+); httpx sync;
  py.typed; dataclasses; 32 pytest tests; mypy --strict + ruff clean
- test/mock/mockserver.go: in-memory mock server for Go client tests
- ARCHITECTURE.md §19: updated per-language notes to match implementation
- PROGRESS.md: Phase 9 marked complete
- .gitignore: exclude clients/rust/target/, python .venv, .pytest_cache,
  .fasl files
Security: token never logged or exposed in error messages in any library;
TLS enforced in all four languages; token stored under lock/mutex/RwLock

clients/testdata/account_response.json

@@ -0,0 +1,9 @@
+{
+  "id": "123e4567-e89b-12d3-a456-426614174000",
+  "username": "alice",
+  "account_type": "human",
+  "status": "active",
+  "created_at": "2023-11-15T12:00:00Z",
+  "updated_at": "2023-11-15T12:00:00Z",
+  "totp_enabled": false
+}

clients/testdata/accounts_list_response.json

@@ -0,0 +1,20 @@
+[
+  {
+    "id": "123e4567-e89b-12d3-a456-426614174000",
+    "username": "alice",
+    "account_type": "human",
+    "status": "active",
+    "created_at": "2023-11-15T12:00:00Z",
+    "updated_at": "2023-11-15T12:00:00Z",
+    "totp_enabled": false
+  },
+  {
+    "id": "223e4567-e89b-12d3-a456-426614174001",
+    "username": "bot-svc",
+    "account_type": "system",
+    "status": "active",
+    "created_at": "2023-11-15T13:00:00Z",
+    "updated_at": "2023-11-15T13:00:00Z",
+    "totp_enabled": false
+  }
+]

clients/testdata/error_response.json

@@ -0,0 +1,3 @@
+{
+  "error": "invalid credentials"
+}

clients/testdata/login_response.json

@@ -0,0 +1,4 @@
+{
+  "token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0LW1jaWFzIiwic3ViIjoiMTIzZTQ1NjctZTg5Yi0xMmQzLWE0NTYtNDI2NjE0MTc0MDAwIiwiaWF0IjoxNzAwMDAwMDAwLCJleHAiOjE3MDAwODY0MDAsImp0aSI6ImFiY2QxMjM0LWFiY2QtMTIzNC1hYmNkLTEyMzRhYmNkMTIzNCIsInJvbGVzIjpbXX0.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+  "expires_at": "2023-11-16T00:00:00Z"
+}

clients/testdata/pgcreds_response.json

@@ -0,0 +1,7 @@
+{
+  "host": "db.example.com",
+  "port": 5432,
+  "database": "myapp",
+  "username": "appuser",
+  "password": "s3cret"
+}

clients/testdata/public_key_response.json

@@ -0,0 +1,7 @@
+{
+  "kty": "OKP",
+  "crv": "Ed25519",
+  "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
+  "use": "sig",
+  "alg": "EdDSA"
+}

clients/testdata/roles_response.json

@@ -0,0 +1,3 @@
+{
+  "roles": ["admin", "developer"]
+}

clients/testdata/validate_token_response.json

@@ -0,0 +1,6 @@
+{
+  "valid": true,
+  "sub": "123e4567-e89b-12d3-a456-426614174000",
+  "roles": [],
+  "expires_at": "2023-11-16T00:00:00Z"
+}