Migrate to mcdsl: auth, config, csrf, web

- Replace internal/auth with mcdsl/auth
- Replace internal/config with mcdsl/config (embed config.Base)
- Replace internal/webserver/csrf.go with mcdsl/csrf
- Use mcdsl/web for session cookies and template rendering
- Use mcdsl/httpserver for server setup and StatusWriter
- Remove direct mcias client library dependency
- Update .golangci.yaml to v2 format (formatters section)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

deploy/systemd/mcat.service

@@ -0,0 +1,29 @@
+[Unit]
+Description=mcat - MCIAS Login Policy Tester
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=mcat
+Group=mcat
+ExecStart=/usr/local/bin/mcat server --config /srv/mcat/mcat.toml
+
+# Security hardening
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+ReadWritePaths=/srv/mcat
+
+[Install]
+WantedBy=multi-user.target