Document user authentication, session management, and security

[DenizAltunkapan]

Create documentation covering:

• How users register and authenticate.
• JWT token handling and session lifecycle.
• Security best practices: password hashing (e.g., bcrypt), token expiration, refresh flow.
• How master keys are managed and why they are not used to decrypt user data directly.

Subfolder suggestion: vault-web/user-session

Goal: Make sure developers understand the user management flow and the security principles in place.