maintenance: migrate agent basic auth to token auth

[tschaefer]

No description provided.

[Copilot]

Pull request overview

This PR migrates agent authentication from basic auth (username/password with bcrypt hashing) to JWT bearer token-based authentication. This change simplifies the security model by removing the need for password storage and AES encryption, while maintaining strong authentication through signed JWT tokens.

Changes:

• Removed password/username fields from Agent model and added database migration to drop these columns
• Replaced basic auth validation with JWT token validation in the auth server
• Added token generation functionality with 365-day default expiration for agents
• Updated dashboard UI to display bearer tokens instead of credentials
• Removed AES encryption package (no longer needed without stored passwords)

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
internal/model/agent.go	Removed Password, PasswordHash, and Username fields from Agent struct
internal/model/agent_test.go	Updated tests to remove password/username assertions
internal/database/database.go	Added migration logic to drop password, password_hash, and username columns
internal/database/database_test.go	Updated schema validation to reflect removed columns
internal/controller/token.go	Added GenerateAgentToken function for JWT token generation
internal/controller/agent_marshal.go	Removed credential generation logic from agent marshaling
internal/controller/agent_config.go	Updated Alloy config generation to use bearer tokens instead of basic auth
internal/controller/agent.go	Removed password decryption from GetAgent
internal/controller/agent_test.go	Removed test for invalid service secret (no longer applicable)
internal/auth/server.go	Replaced basic auth validation with JWT token validation
internal/auth/server_test.go	Updated tests to validate JWT tokens instead of passwords
internal/auth/logging.go	Added request logging helper (duplicated from http package)
internal/http/handlers.go	Updated sendToken to generate and display JWT tokens
internal/http/handlers_test.go	Updated test to verify token display instead of credentials
internal/http/middleware.go	Added logging for unauthorized WebSocket attempts
internal/http/logging.go	Added request logging helper
internal/http/templates/token.html	New template for displaying bearer tokens with expiration
internal/http/templates/credentials.html	Removed old credentials template
internal/http/templates/agents.html	Updated to use token UI elements
internal/http/templates/dashboard.html	Updated CSS and JavaScript for token display
internal/aes/aes.go	Removed AES encryption package (no longer needed)
internal/aes/aes_test.go	Removed AES encryption tests
internal/manager/manager.go	Updated auth server initialization to pass config
.github/copilot-instructions.md	Removed (moved to custom-instructions directory)