feat: add authz-adapter service and Envoy ext_authz integration

- Implemented authz-adapter deployment and service for Envoy gRPC authorization.
- Created PowerShell script to generate JWK for JWT authentication.
- Documented the integration of ext_authz with user-rpc.ValidateToken in ENVOY_EXT_AUTHZ_ADAPTER.md.
- Added comprehensive Envoy Gateway configuration guide with JWT authentication and access control in ENVOY_GATEWAY_GUIDE.md.

app/authz/adapter/README.md

@@ -0,0 +1,31 @@
+# authz-adapter
+
+Envoy `ext_authz` 适配服务，实现 `envoy.service.auth.v3.Authorization`，并调用 `user-rpc.ValidateToken`。
+
+## 环境变量
+
+- `LISTEN_ON`：监听地址，默认 `0.0.0.0:9002`
+- `USER_RPC_TARGET`：user-rpc 地址，默认 `user-rpc-svc.juwan.svc.cluster.local:9001`
+
+## 本地运行
+
+```powershell
+go run ./app/authz/adapter
+```
+
+## Docker 构建
+
+在仓库根目录执行：
+
+```powershell
+docker build -f app/authz/adapter/Dockerfile -t authz-adapter:local .
+docker run --rm -p 9002:9002 authz-adapter:local
+```
+
+## 说明
+
+- 放行路径：`/healthz`、`/api/users/login`、`/api/users/register`
+- 受保护路径：其余请求要求
+  - Cookie 中有 `JToken`
+  - Header 中有 `x-auth-user-id`（由 Envoy `jwt_authn` 注入）
+- 鉴权通过后回传：`x-auth-user-id`、`x-auth-role-type`