Add Basic Auth support for WebDAV and DAV clients #131

Open. Leoyzen wants to merge 1 commit into AtalayaLabs:main from Leoyzen:feature/basic-auth-support

@Leoyzen commented Feb 19, 2026

Description

This PR implements HTTP Basic Authentication support in the auth_middleware, enabling compatibility with standard WebDAV, CalDAV, and CardDAV clients that rely on username/password authentication.

Problem: The documentation claimed Basic Auth was supported for DAV clients (in doc/webdav-integration-guide.md, doc/dav-integration.md, and doc/webdav-technical-spec.md), but the auth_middleware only implemented Bearer Token (JWT) authentication. This caused 401 Unauthorized errors when users tried to connect with standard WebDAV clients like macOS Finder, Windows File Explorer, Cyberduck, and DAVx5.

Solution: Modified src/interfaces/middleware/auth.rs to support dual authentication modes:

  • Bearer Token (existing): Authorization: Bearer <jwt> - Used by web frontend and API clients
  • Basic Auth (new): Authorization: Basic <base64(username:password)> - Used by WebDAV/CalDAV/CardDAV clients

Key Changes:

  • Added decode_basic_auth() helper function for base64 credential decoding
  • Added authenticate_basic_auth() async function for username/password validation
  • Added authenticate_bearer_token() async function (refactored from original middleware)
  • Added AuthError::InvalidBasicAuth error variant with proper HTTP 401 response
  • Refactored auth_middleware to detect auth scheme from header prefix and route appropriately
  • Added detailed tracing logs for debugging authentication flows

Related Issue

Fixes: Documentation inconsistency where Basic Auth was documented but not actually implemented.

Type of Change

Please check the option that best describes your change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Performance improvement
  • Code refactoring
  • Documentation update

How Has This Been Tested?

Manual Testing:

```bash
# Test 1: Bearer Token authentication (existing functionality - should still work)
export JWT_TOKEN="your.jwt.token.here"
curl -H "Authorization: Bearer $JWT_TOKEN" \
  https://localhost:8086/webdav/ \
  -X PROPFIND

# Test 2: Basic Auth authentication (new functionality)
curl -u username:password \
  https://localhost:8086/webdav/ \
  -X PROPFIND

# Test 3: Basic Auth with explicit header
curl -H "Authorization: Basic $(echo -n 'user:pass' | base64)" \
  https://localhost:8086/webdav/ \
  -X PROPFIND

# Test 4: Invalid credentials should return 401
curl -u wronguser:wrongpass \
  https://localhost:8086/webdav/ \
  -X PROPFIND \
  -w "%{http_code}"  # Expect 401
```

Python Client Test:

```python
import requests
from requests.auth import HTTPBasicAuth

# This should now work (previously returned 401)
response = requests.request(
    'PROPFIND',
    'https://localhost:8086/webdav/',
    auth=HTTPBasicAuth('username', 'password'),
    headers={'Depth': '1'}
)
print(response.status_code)  # Expect 207
```

Test Configuration:

  • Local development server with OXICLOUD_ENABLE_AUTH=true
  • PostgreSQL database with test user account
  • Tested with both valid and invalid credentials

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Notes:

  • There is one minor deprecation warning about base64::decode() which can be addressed in a future cleanup PR (does not affect functionality)
  • Documentation updates may be needed to clarify that both auth methods are now supported
  • No new unit tests were added, but existing auth-related tests should continue to pass
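
An added sketch, not the PR's code (the diff is not shown on this page), of the header handling the description above outlines: route on the scheme, decode the Basic payload, and map every malformed input to an error instead of a panic. All names are hypothetical apart from the `InvalidBasicAuth` variant name, and the small decoder stands in for the `base64` crate so the block has no dependencies.

```rust
// Added illustration. AuthScheme, AuthError, b64_decode and parse_authorization
// are hypothetical names, not the code in src/interfaces/middleware/auth.rs.
#[derive(Debug, PartialEq)]
pub enum AuthScheme { Bearer(String), Basic { username: String, password: String } }
#[derive(Debug, PartialEq)]
pub enum AuthError { UnsupportedScheme, InvalidBasicAuth }

/// Strict standard-alphabet base64 decoder; stands in for the `base64` crate
/// so the example has no dependencies. Returns None on any malformed input.
fn b64_decode(input: &str) -> Option<Vec<u8>> {
    let body = input.trim_end_matches('=');
    if input.len() % 4 != 0 || input.len() - body.len() > 2 { return None; }
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in body.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62, b'/' => 63,
            _ => return None,
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Route on the scheme token (case-insensitive per RFC 9110) and never panic
/// on client-controlled input: every malformed case maps to an error.
pub fn parse_authorization(header: &str) -> Result<AuthScheme, AuthError> {
    let (scheme, rest) = header.trim().split_once(' ').ok_or(AuthError::UnsupportedScheme)?;
    let rest = rest.trim_start();
    if scheme.eq_ignore_ascii_case("Bearer") { return Ok(AuthScheme::Bearer(rest.to_string())); }
    if !scheme.eq_ignore_ascii_case("Basic") { return Err(AuthError::UnsupportedScheme); }
    let bytes = b64_decode(rest).ok_or(AuthError::InvalidBasicAuth)?;
    let text = String::from_utf8(bytes).map_err(|_| AuthError::InvalidBasicAuth)?;
    // Split on the FIRST ':' only: a password may contain colons, a user-id may not (RFC 7617).
    let (user, pass) = text.split_once(':').ok_or(AuthError::InvalidBasicAuth)?;
    if user.is_empty() { return Err(AuthError::InvalidBasicAuth); }
    Ok(AuthScheme::Basic { username: user.to_string(), password: pass.to_string() })
}

fn main() { println!("{:?}", parse_authorization("Basic dXNlcjpwYTpzcw==")); }
```

The returned password still has to be checked against the stored hash, and the decoded credentials should stay out of tracing output.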

@jaredwolff (Contributor) commented Mar 15, 2026

UI has the ability to generate application passwords now:

[image]

(Under profile)
