Migrate to mcdsl: auth, config, csrf, web

- Replace internal/auth with mcdsl/auth
- Replace internal/config with mcdsl/config (embed config.Base)
- Replace internal/webserver/csrf.go with mcdsl/csrf
- Use mcdsl/web for session cookies and template rendering
- Use mcdsl/httpserver for server setup and StatusWriter
- Remove direct mcias client library dependency
- Update .golangci.yaml to v2 format (formatters section)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

web/templates/dashboard.html

@@ -0,0 +1,19 @@
+{{define "title"}} - Dashboard{{end}}
+{{define "content"}}
+<div class="card">
+    <div class="card-title">Session</div>
+    <div class="success">Login successful. MCIAS accepted this service context.</div>
+    <dl class="session-info">
+        <dt>Username</dt>
+        <dd>{{.Username}}</dd>
+        <dt>Roles</dt>
+        <dd>{{range .Roles}}<span class="role-tag">{{.}}</span>{{end}}</dd>
+        <dt>Service Name</dt>
+        <dd><code>{{.ServiceName}}</code></dd>
+        {{if .Tags}}
+        <dt>Tags</dt>
+        <dd>{{range .Tags}}<code>{{.}}</code> {{end}}</dd>
+        {{end}}
+    </dl>
+</div>
+{{end}}

web/templates/layout.html

@@ -0,0 +1,27 @@
+{{define "layout"}}<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>mcat{{block "title" .}}{{end}}</title>
+    <script src="/static/htmx.min.js"></script>
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+    <nav class="topnav">
+        <a href="/" class="topnav-brand">mcat</a>
+        {{if .Username}}
+        <div class="topnav-right">
+            <span class="topnav-user">{{.Username}}</span>
+            <form method="POST" action="/logout" style="margin:0">
+                {{csrfField}}
+                <button type="submit" class="btn-ghost btn">Logout</button>
+            </form>
+        </div>
+        {{end}}
+    </nav>
+    <div class="{{block "container-class" .}}page-container{{end}}">
+        {{template "content" .}}
+    </div>
+</body>
+</html>{{end}}

web/templates/login.html

@@ -0,0 +1,30 @@
+{{define "title"}} - Login{{end}}
+{{define "container-class"}}auth-container{{end}}
+{{define "content"}}
+<div class="auth-header">
+    <div class="brand">mcat</div>
+    <div class="tagline">MCIAS Login Policy Tester</div>
+</div>
+<div class="card">
+    <div class="card-title">Sign In</div>
+    {{if .Error}}<div class="error">{{.Error}}</div>{{end}}
+    <form method="POST" action="/login">
+        {{csrfField}}
+        <div class="form-group">
+            <label for="username">Username</label>
+            <input type="text" id="username" name="username" autocomplete="username" required autofocus>
+        </div>
+        <div class="form-group">
+            <label for="password">Password</label>
+            <input type="password" id="password" name="password" autocomplete="current-password" required>
+        </div>
+        <div class="form-group">
+            <label for="totp_code">TOTP Code (optional)</label>
+            <input type="text" id="totp_code" name="totp_code" autocomplete="one-time-code" inputmode="numeric" pattern="[0-9]*" placeholder="6-digit code">
+        </div>
+        <div class="form-actions">
+            <button type="submit">Login</button>
+        </div>
+    </form>
+</div>
+{{end}}