feat(auth+admin): Sign in with Google (OAuth) + Integrations config panel

Backend (identity-svc):
- oauth_config table (mig 22) + OAuthConfig entity
- OAuthService: admin config CRUD + Google authorization-code flow (build consent
  URL, exchange code, fetch userinfo, find/create RegisterMode.Google user, issue
  session via AuthService.IssueOAuthSessionAsync)
- AuthController: GET /v1/auth/google/{start,callback} (public); tokens handed to
  frontend via URL fragment
- AdminController: GET/PUT /v1/admin/oauth/{provider} (admin, secret masked)

Frontend:
- "ورود با گوگل" button on /auth → identity start endpoint
- /auth/callback reads fragment tokens → /api/auth/oauth-session sets httpOnly cookies
- /admin/integrations: Google client_id/secret/redirect_uri + enable, with setup guide
- nav + fa/en labels

Client ID/Secret are configured entirely in the admin panel — no redeploy needed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

services/identity/FlatRender.IdentitySvc/Infrastructure/Data/IdentityDbContext.cs

@@ -31,6 +31,9 @@ public class IdentityDbContext(DbContextOptions<IdentityDbContext> options) : Db
     // CRM
     public DbSet<UserCrm> UserCrms => Set<UserCrm>();
 
+    // OAuth providers
+    public DbSet<OAuthConfig> OAuthConfigs => Set<OAuthConfig>();
+
     // Gamification
     public DbSet<Quest> Quests => Set<Quest>();
     public DbSet<UserQuestProgress> UserQuestProgresses => Set<UserQuestProgress>();
@@ -56,6 +59,12 @@ public class IdentityDbContext(DbContextOptions<IdentityDbContext> options) : Db
             e.ToTable("user_crm");
             e.HasKey(x => x.UserId);
         });
+
+        mb.Entity<OAuthConfig>(e =>
+        {
+            e.ToTable("oauth_config");
+            e.HasKey(x => x.Provider);
+        });
     }
 
     private static void ConfigureTenants(ModelBuilder mb)