refactor: extract NATS.Server.Auth.Tests project

Move 50 auth/accounts/permissions/JWT/NKey test files from
NATS.Server.Tests into a dedicated NATS.Server.Auth.Tests project.
Update namespaces, replace private GetFreePort/ReadUntilAsync helpers
with TestUtilities calls, replace Task.Delay with TaskCompletionSource
in test doubles, and add InternalsVisibleTo.

690 tests pass.

tests/NATS.Server.Auth.Tests/TokenAuthenticatorTests.cs

@@ -0,0 +1,62 @@
+using NATS.Server.Auth;
+using NATS.Server.Protocol;
+
+namespace NATS.Server.Auth.Tests;
+
+public class TokenAuthenticatorTests
+{
+    [Fact]
+    public void Returns_result_for_correct_token()
+    {
+        var auth = new TokenAuthenticator("secret-token");
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Token = "secret-token" },
+            Nonce = [],
+        };
+
+        var result = auth.Authenticate(ctx);
+
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("token");
+    }
+
+    [Fact]
+    public void Returns_null_for_wrong_token()
+    {
+        var auth = new TokenAuthenticator("secret-token");
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Token = "wrong-token" },
+            Nonce = [],
+        };
+
+        auth.Authenticate(ctx).ShouldBeNull();
+    }
+
+    [Fact]
+    public void Returns_null_when_no_token_provided()
+    {
+        var auth = new TokenAuthenticator("secret-token");
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions(),
+            Nonce = [],
+        };
+
+        auth.Authenticate(ctx).ShouldBeNull();
+    }
+
+    [Fact]
+    public void Returns_null_for_different_length_token()
+    {
+        var auth = new TokenAuthenticator("secret-token");
+        var ctx = new ClientAuthContext
+        {
+            Opts = new ClientOptions { Token = "short" },
+            Nonce = [],
+        };
+
+        auth.Authenticate(ctx).ShouldBeNull();
+    }
+}