📝 docs: restore ADR-0011 validation library selection

- Restored ADR-0011 with updated implementation details
- Documented go-playground/validator adoption and integration strategy
- Added technical implementation examples and migration path
- Updated status to 'Adopted' reflecting current usage

🔧 refactor: integrate authentication handlers with validation system

- Added validation tags to all authentication request DTOs:
  - LoginRequest: username (3-50 chars), password (6+ chars)
  - RegisterRequest: username (3-50 chars), password (6-100 chars)
  - PasswordResetRequest: username (3-50 chars)
  - PasswordResetCompleteRequest: username (3-50 chars), new_password (6-100 chars)
- Updated AuthHandler to accept validator parameter
- Replaced manual validation with structured validator.Validate() calls
- Added writeValidationError() helper for consistent error responses
- Updated server to inject validator into authentication handler
- Improved error messages with field-level validation details

🧪 test: update BDD tests for new validation error format

- Updated authentication validation tests to expect structured errors
- All 25 BDD scenarios passing with improved validation coverage
- Maintained backward compatibility for error handling

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>

pkg/server/server.go

@@ -164,7 +164,7 @@ func (s *Server) registerApiV1Routes(r chi.Router) {
 	if s.userService != nil && s.userRepo != nil {
 		// Use unified user service - much simpler!
 		if s.userService != nil {
-			handler := userapi.NewAuthHandler(s.userService, s.userService)
+			handler := userapi.NewAuthHandler(s.userService, s.userService, s.validator)
 			r.Route("/auth", func(r chi.Router) {
 				handler.RegisterRoutes(r)
 			})