feat: add username-password login flow via authentik token endpoint

docs/FRONTEND_API_CONTRACT.md

@@ -2,6 +2,31 @@
 
 Base URL：`https://memberapi.ose.tw`
 
+## 0. 帳號密碼登入
+### POST `/auth/login`
+Request:
+```json
+{
+  "username": "your-authentik-username",
+  "password": "your-password"
+}
+```
+
+200 Response:
+```json
+{
+  "access_token": "<jwt>",
+  "token_type": "Bearer",
+  "expires_in": 3600,
+  "scope": "openid profile email"
+}
+```
+
+401 Response:
+```json
+{ "detail": "invalid_username_or_password" }
+```
+
 ## 1. 使用者資訊
 ### GET `/me`
 Headers:

docs/FRONTEND_ARCHITECTURE.md

@@ -44,7 +44,8 @@
 
 ## 5. Token 與 Header 策略
 - 使用者路由（`/me*`）
-  - header: `Authorization: Bearer <authentik_access_token>`
+  - 登入用 `POST /auth/login`（帳號密碼）取得 access token
+  - header: `Authorization: Bearer <access_token>`
 - 管理路由（`/admin*`）
   - headers:
     - `X-Client-Key`