feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries

- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.

etc/authority.yaml

@@ -17,12 +17,13 @@ storage:
   databaseName: "stellaops_authority"
   commandTimeout: "00:00:30"
 
-signing:
-  enabled: true
-  activeKeyId: "authority-signing-dev"
-  keyPath: "../certificates/authority-signing-dev.pem"
-  algorithm: "ES256"
-  keySource: "file"
+signing:
+  enabled: true
+  activeKeyId: "authority-signing-dev"
+  keyPath: "../certificates/authority-signing-dev.pem"
+  algorithm: "ES256"
+  keySource: "file"
+  jwksCacheLifetime: "00:05:00"
 
 bootstrap:
   enabled: false

etc/authority.yaml.sample

@@ -24,17 +24,18 @@ storage:
   commandTimeout: "00:00:30"
 
 # Signing configuration for revocation bundles and JWKS.
-signing:
-  enabled: true
-  activeKeyId: "authority-signing-2025-dev"
-  keyPath: "../certificates/authority-signing-2025-dev.pem"
-  algorithm: "ES256"
-  keySource: "file"
-  # provider: "default"
-  additionalKeys:
-    - keyId: "authority-signing-dev"
-      path: "../certificates/authority-signing-dev.pem"
-      source: "file"
+signing:
+  enabled: true
+  activeKeyId: "authority-signing-2025-dev"
+  keyPath: "../certificates/authority-signing-2025-dev.pem"
+  algorithm: "ES256"
+  keySource: "file"
+  jwksCacheLifetime: "00:05:00"
+  # provider: "default"
+  additionalKeys:
+    - keyId: "authority-signing-dev"
+      path: "../certificates/authority-signing-dev.pem"
+      source: "file"
   # Rotation flow:
   #   1. Generate a new PEM under ./certificates (e.g. authority-signing-2026-dev.pem).
   #   2. Trigger the .gitea/workflows/authority-key-rotation.yml workflow (or run