feat(auth): implement core service layer (password, JWT, auth, user CRUD)

- error.rs: AuthError with proper HTTP status mapping
- service/password.rs: Argon2 hash/verify with tests
- service/token_service.rs: JWT sign/validate, token DB storage with SHA-256 hash
- service/auth_service.rs: login/refresh/logout flows with event publishing
- service/user_service.rs: user CRUD with soft delete and tenant isolation
- Added sha2 dependency to workspace for token hashing

crates/erp-auth/Cargo.toml

@@ -18,5 +18,6 @@ anyhow.workspace = true
 thiserror.workspace = true
 jsonwebtoken.workspace = true
 argon2.workspace = true
+sha2.workspace = true
 validator.workspace = true
 utoipa.workspace = true