Merged PR 2016: feat(core/auth): add type-safe role-based authorization library

feat(core/auth): add type-safe role-based authorization library

Created @isa/core/auth library with comprehensive role checking:
- RoleService for programmatic hasRole() checks
- IfRoleDirective for declarative *ifRole/*ifNotRole templates
- Type-safe Role enum (CallCenter, Store)
- TokenProvider abstraction with OAuth2 integration
- Signal-based reactive rendering with Angular effects
- Zero-configuration setup via InjectionToken factory

Fixed Bug #5451:
- Hide action buttons for HSC (CallCenter) users on reward order confirmation
- Applied *ifNotRole="Role.CallCenter" to actions container
- Actions now hidden while maintaining card visibility

Testing:
- 18/18 unit tests passing with Vitest
- JUnit and Cobertura reporting configured
- Complete test coverage for role checking logic

Documentation:
- Comprehensive README (817 lines) with API reference
- Usage examples and architecture diagrams
- Updated library-reference.md (62→63 libraries)

Technical:
- Handles both string and array JWT role formats
- Integrated with @isa/core/logging
- Standalone directive (no module imports)
- Full TypeScript type safety

Closes #5451

Related work items: #5451

apps/isa-app/src/shared/services/navigation/customer-create.navigation.ts

@@ -6,7 +6,7 @@ import { NavigationRoute } from './defs/navigation-route';
 import {
   encodeFormData,
   mapCustomerInfoDtoToCustomerCreateFormData,
-} from 'apps/isa-app/src/page/customer';
+} from '@page/customer';
 
 @Injectable({ providedIn: 'root' })
 export class CustomerCreateNavigation {
@@ -58,7 +58,7 @@ export class CustomerCreateNavigation {
       },
     ];
 
-    let formData = params?.customerInfo
+    const formData = params?.customerInfo
       ? encodeFormData(
           mapCustomerInfoDtoToCustomerCreateFormData(params.customerInfo),
         )