Wire auth middleware into all products, add docker-compose and init-db script

- Auth middleware (JWT + API key + RBAC) copied into P3/P4/P5/P6
- All server entry points now register auth hooks + auth routes
- Webhook and Slack endpoints skip JWT auth (use HMAC/signature)
- docker-compose.yml: shared Postgres + Redis + Meilisearch, all 4 Node products as services
- init-db.sh: creates per-product databases and runs migrations
- P1 (Rust) and P2 (Go agent) run standalone, not in compose

products/05-aws-cost-anomaly/src/index.ts

@@ -2,6 +2,8 @@ import Fastify from 'fastify';
 import cors from '@fastify/cors';
 import pino from 'pino';
 import { config } from './config/index.js';
+import { pool } from './data/db.js';
+import { registerAuth, registerAuthRoutes } from './auth/middleware.js';
 import { registerAnomalyRoutes } from './api/anomalies.js';
 import { registerBaselineRoutes } from './api/baselines.js';
 import { registerGovernanceRoutes } from './api/governance.js';
@@ -13,8 +15,11 @@ const app = Fastify({ logger: true });
 
 await app.register(cors, { origin: config.CORS_ORIGIN });
 
+registerAuth(app, config.JWT_SECRET, pool);
+
 app.get('/health', async () => ({ status: 'ok', service: 'dd0c-cost' }));
 
+registerAuthRoutes(app, config.JWT_SECRET, pool);
 registerIngestionRoutes(app);
 registerAnomalyRoutes(app);
 registerBaselineRoutes(app);