#28 When authentication is enabled, login should be forced

This security enhancement has been implemented. When authentication is enabled, login is now properly enforced with tightened public paths. Key improvements: - Restricted public access to only essential endpoints - Enhanced authentication middleware (src/auth_middleware.cpp) - Updated route protection in server implementation (src/server.cpp) - Security testing scripts (test_auth_security.cpp) - Updated security documentation (AUTHENTICATION_SECURITY_GUIDE.md) These changes ensure that when authentication is enabled, users must properly authenticate before accessing protected resources.