feat: add OTP verification flow + fix concurrency stamp on user confirmation

- Domain: add OtpVerification aggregate, UserVerification entity, OtpVerificationType enum
- Application: add RequestVerification and VerifyOtp commands/handlers/validators/DTOs
- Application: add IUserRepository, IOtpVerificationRepository, IUserVerificationRepository, IOtpCodeGenerator
- Application: add OTP system codes (ERR120–ERR125, CON060–CON061) and message factory shortcuts
- Application: refactor VerifyOtpCommandHandler to use repositories instead of direct ICceDbContext queries
- Infrastructure: add EF configurations, repository implementations, HMAC-based OtpCodeGenerator
- Infrastructure: add UserRepository with FindUserIdByContactAsync and StampConfirmedAsync
- Infrastructure: fix ConcurrencyStamp null stub causing DbUpdateConcurrencyException on user confirm
- Infrastructure: restore pre-existing missing sub-namespace usings in DependencyInjection.cs
- Infrastructure: fix missing using in MessagingOptions.xml doc cref
- API: add POST /verification/request and POST /verification/verify endpoints (anonymous)
- API: add Otp:HmacSecret to appsettings (dev + base configs)
- Seeder: add OTP_VERIFICATION notification template
- Migration: AddOtpVerification

Author: rashed99mm

backend/src/CCE.Api.External/appsettings.Development.json

@@ -89,12 +89,7 @@
   "Seq": {
     "ServerUrl": "http://localhost:5341"
   },
-  "Messaging": {
-    "Transport": "InMemory",
-    "UseAsyncDispatcher": true
-    // For RabbitMQ production:
-    // "Transport": "RabbitMQ",
-    // "RabbitMqHost": "amqp://guest:guest@localhost",
-    // "RabbitMqVirtualHost": "/cce-dev"
+  "Otp": {
+    "HmacSecret": "3ahs3DvW/rdx+InzjOCpqSUDSFuvyF59sPjziVdeIhE="
   }
 }

backend/src/CCE.Api.External/appsettings.json

@@ -73,5 +73,8 @@
     "ApiKey": "",
     "OtlpEndpoint": "http://localhost:5341/ingest/otlp",
     "EnableTracing": true
+  },
+  "Otp": {
+    "HmacSecret": "replace-with-32-byte-base64-hmac-secret"
   }
 }

backend/src/CCE.Api.Internal/appsettings.Development.json

@@ -79,5 +79,8 @@
   },
   "Seq": {
     "ServerUrl": "http://localhost:5341"
+  },
+  "Otp": {
+    "HmacSecret": "3ahs3DvW/rdx+InzjOCpqSUDSFuvyF59sPjziVdeIhE="
   }
 }

backend/src/CCE.Api.Internal/appsettings.json

@@ -73,5 +73,8 @@
     "ApiKey": "",
     "OtlpEndpoint": "http://localhost:5341/ingest/otlp",
     "EnableTracing": true
+  },
+  "Otp": {
+    "HmacSecret": "replace-with-32-byte-base64-hmac-secret"
   }
 }

backend/src/CCE.Application/Identity/IUserRepository.cs

@@ -5,5 +5,5 @@ namespace CCE.Application.Identity;
 public interface IUserRepository
 {
     Task<Guid?> FindUserIdByContactAsync(string contact, OtpVerificationType type, CancellationToken ct = default);
-    void StampConfirmed(Guid userId, OtpVerificationType type);
+    Task StampConfirmedAsync(Guid userId, OtpVerificationType type, CancellationToken ct = default);
 }

backend/src/CCE.Application/Verification/Commands/VerifyOtp/VerifyOtpCommandHandler.cs

@@ -95,7 +95,7 @@ public async Task<Response<VerifyOtpResponseDto>> Handle(
 
         if (userId is null) return null;
 
-        _userRepo.StampConfirmed(userId.Value, entity.TypeId);
+        await _userRepo.StampConfirmedAsync(userId.Value, entity.TypeId, ct).ConfigureAwait(false);
         return userId;
     }
 }