feat(phase-3): implement token endpoint and OAuth 2.0 flow

Phase 3 Implementation:
- Token service with secure token generation and validation
- Token endpoint (POST /token) with OAuth 2.0 compliance
- Database migration 003 for tokens table
- Authorization code validation and single-use enforcement

Phase 1 Updates:
- Enhanced CodeStore to support dict values with JSON serialization
- Maintains backward compatibility

Phase 2 Updates:
- Authorization codes now include PKCE fields, used flag, timestamps
- Complete metadata structure for token exchange

Security:
- 256-bit cryptographically secure tokens (secrets.token_urlsafe)
- SHA-256 hashed storage (no plaintext)
- Constant-time comparison for validation
- Single-use code enforcement with replay detection

Testing:
- 226 tests passing (100%)
- 87.27% coverage (exceeds 80% requirement)
- OAuth 2.0 compliance verified

This completes the v1.0.0 MVP with full IndieAuth authorization code flow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/gondulf/dependencies.py

@@ -9,6 +9,7 @@ from gondulf.services.domain_verification import DomainVerificationService
 from gondulf.services.html_fetcher import HTMLFetcherService
 from gondulf.services.rate_limiter import RateLimiter
 from gondulf.services.relme_parser import RelMeParser
+from gondulf.services.token_service import TokenService
 from gondulf.storage import CodeStore
 
 
@@ -85,3 +86,21 @@ def get_verification_service() -> DomainVerificationService:
         html_fetcher=get_html_fetcher(),
         relme_parser=get_relme_parser()
     )
+
+
+# Phase 3 Services
+@lru_cache
+def get_token_service() -> TokenService:
+    """
+    Get TokenService singleton.
+
+    Returns cached instance for dependency injection.
+    """
+    database = get_database()
+    config = get_config()
+
+    return TokenService(
+        database=database,
+        token_length=32,  # 256 bits
+        token_ttl=config.TOKEN_EXPIRY  # From environment (default: 3600)
+    )