feat: port session 06 — Authentication & JWT types, validators, cipher suites

Port independently-testable auth functions from auth.go, ciphersuites.go,
and jwt.go. Server-dependent methods (configureAuthorization, checkAuthentication,
auth callout, etc.) are stubbed for later sessions.

- AuthTypes: User, NkeyUser, SubjectPermission, ResponsePermission, Permissions,
  RoutePermissions, Account — all with deep Clone() methods
- AuthHandler: IsBcrypt, ComparePasswords, ValidateResponsePermissions,
  ValidateAllowedConnectionTypes, ValidateNoAuthUser, ValidateAuth,
  DnsAltNameLabels, DnsAltNameMatches, WipeSlice, ConnectionTypes constants
- CipherSuites: CipherMap, CipherMapById, DefaultCipherSuites,
  CurvePreferenceMap, DefaultCurvePreferences
- JwtProcessor: JwtPrefix, WipeSlice, ValidateSrc (CIDR matching),
  ValidateTimes (time-of-day ranges), TimeRange type
- ServerOptions: added Users, Nkeys, TrustedOperators properties
- 67 new unit tests (all 328 tests pass)
- DB: 18 features complete, 25 stubbed; 6 Go tests complete, 125 stubbed

dotnet/src/ZB.MOM.NatsNet.Server/ServerOptions.cs

@@ -16,6 +16,7 @@
 using System.Net.Security;
 using System.Security.Authentication;
 using System.Threading;
+using ZB.MOM.NatsNet.Server.Auth;
 
 namespace ZB.MOM.NatsNet.Server;
 
@@ -109,6 +110,9 @@ public sealed partial class ServerOptions
     public bool NoSystemAccount { get; set; }
     public AuthCalloutOpts? AuthCallout { get; set; }
     public bool AlwaysEnableNonce { get; set; }
+    public List<User>? Users { get; set; }
+    public List<NkeyUser>? Nkeys { get; set; }
+    public List<object> TrustedOperators { get; set; } = [];
     public IAuthentication? CustomClientAuthentication { get; set; }
     public IAuthentication? CustomRouterAuthentication { get; set; }