feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint.
- Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately.
- Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly.
- Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.

docs/ARCHITECTURE_AUTHORITY.md

@@ -302,6 +302,18 @@ authority:
       auth: { type: "mtls" }
       senderConstraint: "mtls"
       scopes: [ "signer.sign" ]
+    - clientId: notify-web-dev
+      grantTypes: [ "client_credentials" ]
+      audiences: [ "notify.dev" ]
+      auth: { type: "client_secret", secretFile: "/secrets/notify-web-dev.secret" }
+      senderConstraint: "dpop"
+      scopes: [ "notify.read", "notify.admin" ]
+    - clientId: notify-web
+      grantTypes: [ "client_credentials" ]
+      audiences: [ "notify" ]
+      auth: { type: "client_secret", secretFile: "/secrets/notify-web.secret" }
+      senderConstraint: "dpop"
+      scopes: [ "notify.read", "notify.admin" ]
 ```
 
 ---