Docs: Update API docs for auth and RBAC #27
Description
Summary\n- Update API documentation and README for the new authentication and RBAC flow. Extend OpenAPI.\n\nDeliverables\n- Update openapi.yaml to include auth endpoints and security schemes (cookie + bearer JWT).\n- Document role requirements on endpoints.\n- Serve Swagger UI at /api/docs if not already added.\n- README: quickstart, example curl for login, authenticated requests with cookie/JWT, and RBAC notes.\n\nReferences\n- Issue #22 (API docs/OpenAPI)\n- Epic: #23\n\nAcceptance Criteria\n- Clear, copy-pasteable examples for login and authorized requests.\n- Security schemes properly defined in OpenAPI.