Privacy for the auth center

This service is used as a shared authentication center for the FluentReact site portfolio. It only requests identity scopes needed for sign-in and account continuity.

In the first release, the service requests `openid`, `email`, and `profile`. It stores the minimum identity data needed to issue short-lived auth codes, verify sessions, and maintain audit records.

Different providers are not automatically merged by email address. The same email exposed by different providers is treated as separate identities until an explicit account-linking feature exists.