🧪 test: implement per-scenario state isolation and enhance validate-test-suite.sh

- Add pkg/bdd/steps/scenario_state.go with thread-safe per-scenario state manager
- Update auth_steps.go, jwt_retention_steps.go to use per-scenario state accessors
- Add LastSecret and LastError fields to ScenarioState for JWT retention testing
- Update steps.go with SetScenarioKeyForAllSteps function
- Update suite.go to generate scenario keys and clear state properly
- Mark config hot-reload scenarios as @flaky (timing-sensitive)
- Fix validate-test-suite.sh: add -p 1 flag for sequential execution, filter JSON logs, add --count flag
- Add CONFIG_SCHEMA.md documenting configuration architecture
- Split greet tests into v1/v2 sub-tests with explicit v2 enable/disable

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>

pkg/bdd/testserver/config_test.go

@@ -9,7 +9,7 @@ import (
 func TestCreateTestConfig(t *testing.T) {
 	// Test 1: Default config (no test config file)
 	t.Run("DefaultConfig", func(t *testing.T) {
-		cfg := createTestConfig(9999)
+		cfg := createTestConfig(9999, false)
 
 		assert.Equal(t, "0.0.0.0", cfg.Server.Host)
 		assert.Equal(t, 9999, cfg.Server.Port)
@@ -17,4 +17,13 @@ func TestCreateTestConfig(t *testing.T) {
 		assert.Equal(t, "admin123", cfg.Auth.AdminMasterPassword)
 		assert.Equal(t, "dance_lessons_coach", cfg.Database.Name)
 	})
+
+	// Test 2: Config with v2 enabled
+	t.Run("V2EnabledConfig", func(t *testing.T) {
+		cfg := createTestConfig(9999, true)
+
+		assert.Equal(t, "0.0.0.0", cfg.Server.Host)
+		assert.Equal(t, 9999, cfg.Server.Port)
+		assert.True(t, cfg.API.V2Enabled)
+	})
 }