
fix: enforce @RolesAllowed on microservice resources#5049

Open
Ma77Ball wants to merge 13 commits into apache:main from Ma77Ball:fix/RolesAllowedUnenforced

Conversation

Ma77Ball (Contributor) commented May 13, 2026

What changes were proposed in this PR?

@RolesAllowed annotations on config-service, computing-unit-managing-service, and workflow-compiling-service resources were decorative because none of these services registered Jersey's RolesAllowedDynamicFeature. This PR registers that feature in each service's run(...). For workflow-compiling-service, which was not registering JWT auth at all, this PR also registers AuthDynamicFeature(JwtAuthFilter) and the SessionUser AuthValueFactoryProvider.Binder, and adds Auth as an sbt dependency for the module. access-control-service and file-service use no @RolesAllowed today and were intentionally left alone to keep the change minimal.

Any related issues, documentation, or discussions?

Closes: #4904

How was this PR tested?

Added ConfigServiceRunSpec (mirrors AccessControlServiceRunSpec) that mocks the Jersey environment and verifies RolesAllowedDynamicFeature is registered when ConfigService.run runs. The same one-line registration applies to the other two services; tests there would require either refactoring SqlServer.initConnection out of run or static-mocking the Scala SqlServer object, both of which are larger than the fix itself, so they are out of scope. Manual verification via the reproduction in the issue (low-role JWT against an annotated endpoint should now return 403; unauthenticated request to WorkflowCompilationResource should now return 401).

Was this PR authored or co-authored using generative AI tooling?

Co-authored with Claude Opus 4.7 in compliance with ASF
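As an added illustration (not the PR's own code, and not Texera's), a minimal Dropwizard service wiring the three registrations the description lists, followed by a spec in the style the PR describes for ConfigServiceRunSpec: mock the Jersey environment and verify that RolesAllowedDynamicFeature is registered. Dropwizard 4 / jakarta package names, the JwtAuthFilter and SessionUser stand-ins, and the ExampleService names are assumptions.

```scala
import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider}
import io.dropwizard.core.setup.Environment
import io.dropwizard.core.{Application, Configuration}
import io.dropwizard.jersey.setup.JerseyEnvironment
import jakarta.ws.rs.container.{ContainerRequestContext, ContainerRequestFilter}
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
import org.mockito.ArgumentMatchers.any
import org.mockito.Mockito.{mock, verify, when}
import org.scalatest.flatspec.AnyFlatSpec
import java.security.Principal

// Hypothetical stand-ins for the project's JwtAuthFilter and SessionUser.
class JwtAuthFilter extends ContainerRequestFilter {
  // A real filter validates the bearer token and installs a SecurityContext
  // carrying the user's roles; an invalid or missing token ends in 401.
  override def filter(ctx: ContainerRequestContext): Unit = ()
}
class SessionUser(val name: String) extends Principal {
  override def getName: String = name
}

class ExampleService extends Application[Configuration] {
  override def run(config: Configuration, environment: Environment): Unit = {
    val jersey = environment.jersey()
    // 1. Authentication: JWT -> SecurityContext (401 when it fails).
    jersey.register(new AuthDynamicFeature(new JwtAuthFilter()))
    // 2. Lets resources receive the principal through @Auth parameters.
    jersey.register(new AuthValueFactoryProvider.Binder(classOf[SessionUser]))
    // 3. Authorization: without this line Jersey never evaluates
    //    @RolesAllowed, so every authenticated caller passes (no 403).
    jersey.register(classOf[RolesAllowedDynamicFeature])
  }
}

// Spec mirroring the check the PR describes: the run(...) wiring must
// register the role-enforcement feature, otherwise the annotations are inert.
class ExampleServiceRunSpec extends AnyFlatSpec {
  "run" should "register auth and RolesAllowedDynamicFeature" in {
    val environment = mock(classOf[Environment])
    val jersey = mock(classOf[JerseyEnvironment])
    when(environment.jersey()).thenReturn(jersey)

    new ExampleService().run(new Configuration(), environment)

    verify(jersey).register(classOf[RolesAllowedDynamicFeature])
    verify(jersey).register(any(classOf[AuthDynamicFeature]))
  }
}
```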

github-actions bot added labels dependencies (Pull requests that update a dependency file), fix, common, platform (Non-amber Scala service paths) on May 13, 2026
codecov-commenter commented May 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 42.95%. Comparing base (1ea368d) to head (993e28b).
⚠️ Report is 1 commit behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #5049      +/-   ##
============================================
- Coverage     43.06%   42.95%   -0.12%     
- Complexity     2211     2218       +7     
============================================
  Files          1045     1045              
  Lines         40216    40143      -73     
  Branches       4243     4244       +1     
============================================
- Hits          17321    17243      -78     
+ Misses        21829    21826       -3     
- Partials       1066     1074       +8     
Flag                             Coverage   Δ                     *Carryforward flag
access-control-service           39.53%     <ø> (ø)
agent-service                    33.72%     <ø> (ø)               Carriedforward from bb795a0
amber                            43.79%     <ø> (-0.03%) ⬇️
computing-unit-managing-service  5.26%      <100.00%> (+5.26%) ⬆️
config-service                   19.67%     <100.00%> (+19.67%) ⬆️
file-service                     32.18%     <ø> (ø)
frontend                         33.93%     <ø> (-0.01%) ⬇️        Carriedforward from bb795a0
python                           89.07%     <ø> (-1.30%) ⬇️        Carriedforward from bb795a0
workflow-compiling-service       59.55%     <100.00%> (+11.83%) ⬆️

*This pull request uses carry forward flags.


Ma77Ball (Contributor, Author) commented:

/request-review @Yicong-Huang

@github-actions github-actions Bot requested a review from Yicong-Huang May 13, 2026 06:18
Ma77Ball (Contributor, Author) commented:

@Yicong-Huang please review


Development

Successfully merging this pull request may close these issues.

Authorization bypass: @RolesAllowed unenforced on microservices, workflow-compiling-service requires no token at all
