Merged PR 2016: feat(core/auth): add type-safe role-based authorization library

feat(core/auth): add type-safe role-based authorization library

Created @isa/core/auth library with comprehensive role checking:
- RoleService for programmatic hasRole() checks
- IfRoleDirective for declarative *ifRole/*ifNotRole templates
- Type-safe Role enum (CallCenter, Store)
- TokenProvider abstraction with OAuth2 integration
- Signal-based reactive rendering with Angular effects
- Zero-configuration setup via InjectionToken factory

Fixed Bug #5451:
- Hide action buttons for HSC (CallCenter) users on reward order confirmation
- Applied *ifNotRole="Role.CallCenter" to actions container
- Actions now hidden while maintaining card visibility

Testing:
- 18/18 unit tests passing with Vitest
- JUnit and Cobertura reporting configured
- Complete test coverage for role checking logic

Documentation:
- Comprehensive README (817 lines) with API reference
- Usage examples and architecture diagrams
- Updated library-reference.md (62→63 libraries)

Technical:
- Handles both string and array JWT role formats
- Integrated with @isa/core/logging
- Standalone directive (no module imports)
- Full TypeScript type safety

Closes #5451

Related work items: #5451

tsconfig.base.json

@@ -62,6 +62,7 @@
       "@isa/common/data-access": ["libs/common/data-access/src/index.ts"],
       "@isa/common/decorators": ["libs/common/decorators/src/index.ts"],
       "@isa/common/print": ["libs/common/print/src/index.ts"],
+      "@isa/core/auth": ["libs/core/auth/src/index.ts"],
       "@isa/core/config": ["libs/core/config/src/index.ts"],
       "@isa/core/logging": ["libs/core/logging/src/index.ts"],
       "@isa/core/navigation": ["libs/core/navigation/src/index.ts"],