Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.

src/__Libraries/StellaOps.Configuration/AuthorityApiLifecycleOptions.cs

@@ -0,0 +1,77 @@
+using System;
+
+namespace StellaOps.Configuration;
+
+/// <summary>
+/// API lifecycle controls for the Authority service.
+/// </summary>
+public sealed class AuthorityApiLifecycleOptions
+{
+    /// <summary>
+    /// Settings for the legacy OAuth endpoint shim (/oauth/* → canonical).
+    /// </summary>
+    public AuthorityLegacyAuthEndpointOptions LegacyAuth { get; } = new();
+
+    internal void Validate()
+    {
+        LegacyAuth.Validate();
+    }
+}
+
+/// <summary>
+/// Configuration for legacy OAuth endpoint shims and deprecation signalling.
+/// </summary>
+public sealed class AuthorityLegacyAuthEndpointOptions
+{
+    private static readonly DateTimeOffset DefaultDeprecationDate = new(2025, 11, 1, 0, 0, 0, TimeSpan.Zero);
+    private static readonly DateTimeOffset DefaultSunsetDate = new(2026, 5, 1, 0, 0, 0, TimeSpan.Zero);
+
+    /// <summary>
+    /// Enables the legacy endpoint shim that routes /oauth/* to the canonical endpoints.
+    /// </summary>
+    public bool Enabled { get; set; } = true;
+
+    /// <summary>
+    /// Date when clients should consider the legacy endpoints deprecated.
+    /// </summary>
+    public DateTimeOffset DeprecationDate { get; set; } = DefaultDeprecationDate;
+
+    /// <summary>
+    /// Date when legacy endpoints will be removed.
+    /// </summary>
+    public DateTimeOffset SunsetDate { get; set; } = DefaultSunsetDate;
+
+    /// <summary>
+    /// Optional documentation URL included in the Sunset link header.
+    /// </summary>
+    public string? DocumentationUrl { get; set; } = "https://docs.stella-ops.org/authority/legacy-auth";
+
+    internal void Validate()
+    {
+        if (!Enabled)
+        {
+            return;
+        }
+
+        var normalizedDeprecation = DeprecationDate.ToUniversalTime();
+        var normalizedSunset = SunsetDate.ToUniversalTime();
+
+        if (normalizedSunset <= normalizedDeprecation)
+        {
+            throw new InvalidOperationException("Legacy auth sunset date must be after the deprecation date.");
+        }
+
+        DeprecationDate = normalizedDeprecation;
+        SunsetDate = normalizedSunset;
+
+        if (!string.IsNullOrWhiteSpace(DocumentationUrl))
+        {
+            if (!Uri.TryCreate(DocumentationUrl, UriKind.Absolute, out var uri) ||
+                (uri.Scheme != Uri.UriSchemeHttps && uri.Scheme != Uri.UriSchemeHttp))
+            {
+                throw new InvalidOperationException("Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.");
+            }
+        }
+    }
+}
+