feat: add auth package with file-based token support for K8s projected volumes#3244

Open
akshat-kumar-singhal wants to merge 17 commits into gofr-dev:development from akshat-kumar-singhal:feature/file-token-auth
@akshat-kumar-singhal
Contributor

Description:

  • Introduced pkg/gofr/service/auth package that consolidates authentication for outgoing HTTP service calls
  • Added Provider interface (header key + value) and TokenSource interface (raw token) to cleanly separate auth header injection from token acquisition
  • Added NewBearerAuthOption(TokenSource) for bearer-style auth and NewAuthOption(Provider) for custom header-based auth
  • Added file-based token auth (NewFileTokenAuthConfig) supporting Kubernetes projected service account tokens with automatic periodic refresh and sync.Once-guarded shutdown
  • OAuth implementation now caches TokenSource at construction time, leveraging golang.org/x/oauth2's built-in token refresh instead of re-creating a token source per request
  • BasicAuth pre-computes the Base64-encoded header value at construction time instead of re-encoding per request
  • Added Observable interface to service.Options enabling automatic logger/metrics injection from NewHTTPService into options that support it. When AddOption is called directly, callers must set logger/metrics manually
  • Err type implements Unwrap() for proper error chain traversal with errors.Is/errors.As
  • Deprecated existing auth types in service/ (BasicAuthConfig, APIKeyConfig, OAuthConfig, AuthErr) — deprecated code remains fully functional
  • Moved auth test coverage to auth/ package with table-driven tests; all concrete types are unexported to minimize API surface

Breaking Changes: None. All existing service.NewBasicAuthConfig, service.NewAPIKeyConfig, service.NewOAuthConfig continue to work unchanged.

Additional Information:

Checklist:

  • I have formatted my code using goimports and golangci-lint.
  • All new code is covered by unit tests.
  • This PR does not decrease the overall code coverage.
  • I have reviewed the code comments and documentation for clarity.

@Umang01-hash
Member

Umang01-hash commented Apr 12, 2026

Hey @akshat-kumar-singhal! Thanks for the PR.

  • The new authProvider in this package is a different type from service.authProvider. extractHTTPService in connection_pool.go does a type switch on *authProvider (the service package one) to unwrap the decorator chain. When the new auth options are used, it'll hit the default: return nil case — meaning ConnectionPoolConfig, CircuitBreakerConfig, and RetryConfig silently stop working when combined with any auth option from this package.

  • These test files that you deleted cover the existing public types which are still exported and functional (just deprecated). Removing tests for code that's still in use will drop coverage on those code paths. We should keep these tests until the deprecated types are actually removed.

  • The file-token auth feature is a good addition — the use case is real and the refresh logic looks solid. But could we scope this down to just adding FileTokenAuthConfig in the existing service/ package, following the same pattern as BasicAuthConfig and OAuthConfig? The restructuring into a sub-package, the new interfaces (Provider, TokenSource, Observable), and the deprecations are a lot of surface area change for what's essentially one new auth type.
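
The failure mode in the first point above, reduced to a stand-alone Go sketch (an added example, not code from the PR or from GoFr; `HTTP`, `baseService`, `externalAuth` and `setMaxIdle` are hypothetical stand-ins). A type switch on known concrete types returns nil for a decorator defined elsewhere, while a case on `interface{ Unwrap() HTTP }` reaches the base service; `setMaxIdle` returns an error on a miss so the option cannot become a silent no-op.

```go
package main

import "fmt"

// HTTP stands in for the service interface every decorator implements.
type HTTP interface{ Name() string }

type baseService struct{ maxIdle int } // innermost client that pool options must reach
func (*baseService) Name() string { return "base" }

// externalAuth models an auth decorator defined outside the service package.
type externalAuth struct{ inner HTTP }
func (e *externalAuth) Name() string { return "external-auth" }
func (e *externalAuth) Unwrap() HTTP { return e.inner }

// extractByType only recognises concrete types it was written against.
func extractByType(h HTTP) *baseService {
	switch v := h.(type) {
	case *baseService:
		return v
	default:
		return nil // decorators from other packages land here
	}
}

// extractByUnwrap also follows any decorator that exposes Unwrap().
func extractByUnwrap(h HTTP) *baseService {
	switch v := h.(type) {
	case *baseService:
		return v
	case interface{ Unwrap() HTTP }:
		return extractByUnwrap(v.Unwrap())
	}
	return nil
}

// setMaxIdle applies a pool setting and reports a miss instead of ignoring it.
func setMaxIdle(h HTTP, n int, extract func(HTTP) *baseService) error {
	if b := extract(h); b != nil {
		b.maxIdle = n
		return nil
	}
	return fmt.Errorf("pool option not applied: cannot unwrap %T", h)
}

func main() {
	chain := &externalAuth{inner: &baseService{}}
	fmt.Println(setMaxIdle(chain, 8, extractByType), setMaxIdle(chain, 8, extractByUnwrap))
}
```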

akshat-kumar-singhal and others added 6 commits April 13, 2026 11:36
Addresses PR gofr-dev#3244 review from @Umang01-hash:

1. Reverts the service/ restructure, sub-package migration of existing
   auth types, and deprecations. BasicAuth/APIKey/OAuth and their tests
   are restored untouched.

2. Adds FileTokenAuthConfig in a new pkg/gofr/service/auth/ sub-package
   containing only new code, so existing types are unaffected. The
   decorator exposes Unwrap() service.HTTP so ConnectionPool /
   CircuitBreaker / Retry can still reach the base *httpService.

3. Adds a generic `interface{ Unwrap() HTTP }` case to
   extractHTTPService in connection_pool.go. This fixes the silent
   no-op the reviewer flagged where pool/CB/retry options stopped
   working when combined with an auth decorator defined outside the
   service package, and future-proofs the unwrap path against the
   same class of bug.

Tests include a regression lock-in that combines FileTokenAuthConfig
with ConnectionPoolConfig end-to-end.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- err113: replace fmt.Errorf with static errAuthHeaderPresent
- bodyclose: close response bodies in tests
- wsl_v5: required blank lines in tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- NewFileTokenAuthConfig now requires a file.FileSystem (typically
  file.NewLocalFileSystem(app.Logger())) and reads the token through it,
  dropping the direct os.ReadFile dependency. Mock filesystems can be
  injected in tests.
- Adds examples/using-file-token-auth demonstrating the setup in a
  gofr app pointed at the Kubernetes projected SA token path.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Let the example use gofr's default port instead of hardcoding 9016.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
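
A minimal sketch of the file-token behaviour this PR is about, as an added example rather than the PR's code: it swaps the PR's background refresh and injected `file.FileSystem` for a read-on-expiry check with `os.ReadFile`, and the names `fileToken`, `refresh`, `header` and the placeholder path are assumptions. It fails closed when no token has ever been read and keeps the last good token when a later read fails or finds an empty file.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
	"sync"
	"time"
)

// fileToken caches a bearer token from path and re-reads it once older than ttl.
type fileToken struct {
	path, tok string
	ttl       time.Duration
	mu        sync.Mutex
	readAt    time.Time
}

// refresh replaces the cached token only after a successful, non-empty read.
func (f *fileToken) refresh() error {
	b, err := os.ReadFile(f.path) // stand-in for the injected file system
	if err != nil {
		return err
	}
	tok := strings.TrimSpace(string(b)) // a trailing newline must not reach the header
	if tok == "" {
		return errors.New("token file is empty")
	}
	f.tok, f.readAt = tok, time.Now()
	return nil
}

// header returns the Authorization value, failing closed if no token was ever read.
func (f *fileToken) header() (string, error) {
	f.mu.Lock()
	defer f.mu.Unlock()
	if time.Since(f.readAt) >= f.ttl {
		if err := f.refresh(); err != nil && f.tok == "" {
			return "", err
		}
	}
	return "Bearer " + f.tok, nil
}

func main() {
	_, err := (&fileToken{path: "/path/to/projected/token", ttl: time.Minute}).header() // placeholder path
	fmt.Println("token loaded:", err == nil)
}
```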