Add tests and implement StubBearer authentication for Signer endpoints

- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints.
- Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication.
- Developed ConcelierExporterClient for managing Trivy DB settings and export operations.
- Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering.
- Implemented styles and HTML structure for Trivy DB settings page.
- Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.

src/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthorityPluginContracts.cs

@@ -1,7 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
+using System.Threading;
+using System.Threading.Tasks;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
 
 namespace StellaOps.Authority.Plugins.Abstractions;
 
@@ -95,24 +98,24 @@ public interface IAuthorityPluginRegistry
 public interface IAuthorityIdentityProviderRegistry
 {
     /// <summary>
-    /// Gets all registered identity provider plugins keyed by logical name.
+    /// Gets metadata for all registered identity provider plugins.
     /// </summary>
-    IReadOnlyCollection<IIdentityProviderPlugin> Providers { get; }
+    IReadOnlyCollection<AuthorityIdentityProviderMetadata> Providers { get; }
 
     /// <summary>
-    /// Gets identity providers that advertise password support.
+    /// Gets metadata for identity providers that advertise password support.
     /// </summary>
-    IReadOnlyCollection<IIdentityProviderPlugin> PasswordProviders { get; }
+    IReadOnlyCollection<AuthorityIdentityProviderMetadata> PasswordProviders { get; }
 
     /// <summary>
-    /// Gets identity providers that advertise multi-factor authentication support.
+    /// Gets metadata for identity providers that advertise multi-factor authentication support.
     /// </summary>
-    IReadOnlyCollection<IIdentityProviderPlugin> MfaProviders { get; }
+    IReadOnlyCollection<AuthorityIdentityProviderMetadata> MfaProviders { get; }
 
     /// <summary>
-    /// Gets identity providers that advertise client provisioning support.
+    /// Gets metadata for identity providers that advertise client provisioning support.
     /// </summary>
-    IReadOnlyCollection<IIdentityProviderPlugin> ClientProvisioningProviders { get; }
+    IReadOnlyCollection<AuthorityIdentityProviderMetadata> ClientProvisioningProviders { get; }
 
     /// <summary>
     /// Aggregate capability flags across all registered providers.
@@ -120,20 +123,89 @@ public interface IAuthorityIdentityProviderRegistry
     AuthorityIdentityProviderCapabilities AggregateCapabilities { get; }
 
     /// <summary>
-    /// Attempts to resolve an identity provider by name.
+    /// Attempts to resolve identity provider metadata by name.
     /// </summary>
-    bool TryGet(string name, [NotNullWhen(true)] out IIdentityProviderPlugin? provider);
+    bool TryGet(string name, [NotNullWhen(true)] out AuthorityIdentityProviderMetadata? metadata);
 
     /// <summary>
-    /// Resolves an identity provider by name or throws when not found.
+    /// Resolves identity provider metadata by name or throws when not found.
     /// </summary>
-    IIdentityProviderPlugin GetRequired(string name)
+    AuthorityIdentityProviderMetadata GetRequired(string name)
     {
-        if (TryGet(name, out var provider))
+        if (TryGet(name, out var metadata))
         {
-            return provider;
+            return metadata;
         }
 
         throw new KeyNotFoundException($"Identity provider plugin '{name}' is not registered.");
     }
+
+    /// <summary>
+    /// Acquires a scoped handle to the specified identity provider.
+    /// </summary>
+    /// <param name="name">Logical provider name.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>Handle managing the provider instance lifetime.</returns>
+    ValueTask<AuthorityIdentityProviderHandle> AcquireAsync(string name, CancellationToken cancellationToken);
+}
+
+/// <summary>
+/// Immutable metadata describing a registered identity provider.
+/// </summary>
+/// <param name="Name">Logical provider name from the manifest.</param>
+/// <param name="Type">Provider type identifier.</param>
+/// <param name="Capabilities">Capability flags advertised by the provider.</param>
+public sealed record AuthorityIdentityProviderMetadata(
+    string Name,
+    string Type,
+    AuthorityIdentityProviderCapabilities Capabilities);
+
+/// <summary>
+/// Represents a scoped identity provider instance and manages its disposal.
+/// </summary>
+public sealed class AuthorityIdentityProviderHandle : IAsyncDisposable, IDisposable
+{
+    private readonly AsyncServiceScope scope;
+    private bool disposed;
+
+    public AuthorityIdentityProviderHandle(AsyncServiceScope scope, AuthorityIdentityProviderMetadata metadata, IIdentityProviderPlugin provider)
+    {
+        this.scope = scope;
+        Metadata = metadata ?? throw new ArgumentNullException(nameof(metadata));
+        Provider = provider ?? throw new ArgumentNullException(nameof(provider));
+    }
+
+    /// <summary>
+    /// Gets the metadata associated with the provider instance.
+    /// </summary>
+    public AuthorityIdentityProviderMetadata Metadata { get; }
+
+    /// <summary>
+    /// Gets the active provider instance.
+    /// </summary>
+    public IIdentityProviderPlugin Provider { get; }
+
+    /// <inheritdoc />
+    public void Dispose()
+    {
+        if (disposed)
+        {
+            return;
+        }
+
+        disposed = true;
+        scope.Dispose();
+    }
+
+    /// <inheritdoc />
+    public async ValueTask DisposeAsync()
+    {
+        if (disposed)
+        {
+            return;
+        }
+
+        disposed = true;
+        await scope.DisposeAsync().ConfigureAwait(false);
+    }
 }