feat(phase-4a): complete Phase 3 implementation and gap analysis

Merges Phase 4a work including:

Implementation:
- Metadata discovery endpoint (/api/.well-known/oauth-authorization-server)
- h-app microformat parser service
- Enhanced authorization endpoint with client info display
- Configuration management system
- Dependency injection framework

Documentation:
- Comprehensive gap analysis for v1.0.0 compliance
- Phase 4a clarifications on development approach
- Phase 4-5 critical components breakdown

Testing:
- Unit tests for h-app parser (308 lines, comprehensive coverage)
- Unit tests for metadata endpoint (134 lines)
- Unit tests for configuration system (18 lines)
- Integration test updates

All tests passing with high coverage. Ready for Phase 4b security hardening.

src/gondulf/templates/authorize.html

@@ -5,7 +5,23 @@
 {% block content %}
 <h1>Authorization Request</h1>
 
+{% if client_metadata %}
+<div class="client-metadata">
+    {% if client_metadata.logo %}
+    <img src="{{ client_metadata.logo }}" alt="{{ client_metadata.name or 'Client' }} logo" class="client-logo" style="max-width: 64px; max-height: 64px;">
+    {% endif %}
+    <h2>{{ client_metadata.name or client_id }}</h2>
+    {% if client_metadata.url %}
+    <p><a href="{{ client_metadata.url }}" target="_blank">{{ client_metadata.url }}</a></p>
+    {% endif %}
+</div>
+<p>The application <strong>{{ client_metadata.name or client_id }}</strong> wants to authenticate you.</p>
+{% else %}
+<div class="client-info">
+    <h2>{{ client_id }}</h2>
+</div>
 <p>The application <strong>{{ client_id }}</strong> wants to authenticate you.</p>
+{% endif %}
 
 {% if scope %}
 <p>Requested permissions: <code>{{ scope }}</code></p>