✨ feat(auth): JWT TTL hot-reload + fix hardcoded 24h bug (ADR-0023 Phase 2) (#44)

Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>

pkg/config/config.go

@@ -609,11 +609,15 @@ func (c *Config) setupLogOutput() {
 // WatchAndApply starts watching the config file for changes and applies the
 // hot-reloadable subset on every change (ADR-0023 selective hot-reload).
 //
-// Phase 1 (this PR) reloads:
-//   - logging.level — re-applies via SetupLogging on every change.
+// Phases shipped:
+//   - Phase 1: logging.level — re-applied via SetupLogging on every change.
+//   - Phase 2: auth.jwt.ttl — picked up automatically because the userService
+//     reads it via JWTConfig.GetTTL (a method value capturing this *Config).
+//     The reloaded TTL is used on the NEXT token generation; tokens issued
+//     before the change keep their original expiry.
 //
-// The other fields listed in ADR-0023 (api.v2_enabled, telemetry sampler,
-// auth.jwt.ttl) remain restart-only until their handlers land in a follow-up.
+// The other fields listed in ADR-0023 (api.v2_enabled, telemetry sampler)
+// remain restart-only until their handlers land in subsequent phases.
 //
 // Stops when ctx is cancelled. Safe to call once at server startup.
 // If the config file is absent (ConfigFileNotFoundError at load time), this
@@ -641,7 +645,10 @@ func (c *Config) WatchAndApply(ctx context.Context) {
 		// Apply hot-reloadable fields. Order matters: logging first so the
 		// rest of the reload is logged at the right level.
 		c.SetupLogging()
-		log.Info().Str("logging_level", c.GetLogLevel()).Msg("Hot-reload applied (logging.level)")
+		log.Info().
+			Str("logging_level", c.GetLogLevel()).
+			Dur("jwt_ttl", c.GetJWTTTL()).
+			Msg("Hot-reload applied (logging.level + auth.jwt.ttl)")
 	})
 	c.viper.WatchConfig()