feat(02-03): define common auth contracts

- Add OIDC result and expect client seam with pinned native AppAuth semantics
- Add secure AuthState JSON store contract and JVM dev actuals for test compilation

composeApp/src/jvmMain/kotlin/dev/ulfrx/recipe/auth/OidcClient.jvm.kt

@@ -0,0 +1,36 @@
+@file:Suppress("EXPECT_ACTUAL_CLASSIFIERS_ARE_IN_BETA_WARNING")
+
+package dev.ulfrx.recipe.auth
+
+actual class OidcClient {
+    actual suspend fun login(): OidcResult {
+        val token = System.getenv(DEV_AUTH_TOKEN)
+            ?: return OidcResult.AuthError("DEV_AUTH_TOKEN is not set")
+
+        return OidcResult.Success(
+            authStateJson = "dev:$token",
+            accessToken = token,
+            idToken = null,
+            expiresAtEpochMillis = Long.MAX_VALUE,
+        )
+    }
+
+    actual suspend fun refresh(authStateJson: String): OidcResult {
+        val token = authStateJson.removePrefix("dev:").takeIf { it.isNotBlank() }
+            ?: System.getenv(DEV_AUTH_TOKEN)
+            ?: return OidcResult.AuthError("DEV_AUTH_TOKEN is not set")
+
+        return OidcResult.Success(
+            authStateJson = "dev:$token",
+            accessToken = token,
+            idToken = null,
+            expiresAtEpochMillis = Long.MAX_VALUE,
+        )
+    }
+
+    actual suspend fun logout(authStateJson: String) = Unit
+
+    private companion object {
+        const val DEV_AUTH_TOKEN = "DEV_AUTH_TOKEN"
+    }
+}

composeApp/src/jvmMain/kotlin/dev/ulfrx/recipe/auth/SecureAuthStateStore.jvm.kt

@@ -0,0 +1,17 @@
+@file:Suppress("EXPECT_ACTUAL_CLASSIFIERS_ARE_IN_BETA_WARNING")
+
+package dev.ulfrx.recipe.auth
+
+actual class SecureAuthStateStore {
+    private var authStateJson: String? = null
+
+    actual fun read(): String? = authStateJson
+
+    actual fun write(authStateJson: String) {
+        this.authStateJson = authStateJson
+    }
+
+    actual fun clear() {
+        authStateJson = null
+    }
+}