feat(phase-3): implement token endpoint and OAuth 2.0 flow

Phase 3 Implementation:
- Token service with secure token generation and validation
- Token endpoint (POST /token) with OAuth 2.0 compliance
- Database migration 003 for tokens table
- Authorization code validation and single-use enforcement

Phase 1 Updates:
- Enhanced CodeStore to support dict values with JSON serialization
- Maintains backward compatibility

Phase 2 Updates:
- Authorization codes now include PKCE fields, used flag, timestamps
- Complete metadata structure for token exchange

Security:
- 256-bit cryptographically secure tokens (secrets.token_urlsafe)
- SHA-256 hashed storage (no plaintext)
- Constant-time comparison for validation
- Single-use code enforcement with replay detection

Testing:
- 226 tests passing (100%)
- 87.27% coverage (exceeds 80% requirement)
- OAuth 2.0 compliance verified

This completes the v1.0.0 MVP with full IndieAuth authorization code flow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/gondulf/main.py

@@ -14,6 +14,7 @@ from gondulf.database.connection import Database
 from gondulf.dns import DNSService
 from gondulf.email import EmailService
 from gondulf.logging_config import configure_logging
+from gondulf.routers import authorization, token, verification
 from gondulf.storage import CodeStore
 
 # Load configuration at application startup
@@ -31,6 +32,11 @@ app = FastAPI(
     version="0.1.0-dev",
 )
 
+# Register routers
+app.include_router(authorization.router)
+app.include_router(token.router)
+app.include_router(verification.router)
+
 # Initialize core services
 database: Database = None
 code_store: CodeStore = None