feat: V2 microservices stack — backend services, gateway, JWT auth

Add full V2 architecture: identity, content, studio (.NET 10) and file,
render, notification, gateway (Go) services with vendored deps, plus DB
migrations, event/API contracts, and an init-db script.

Wire the Next.js frontend to the gateway: server-side JWT auth routes
(login/register/refresh/logout/me), gateway fetch helper, and session/
cookie/jwt helpers under src/lib.

Containerize the stack via docker-compose.v2.yml and per-service
Dockerfiles. Base images resolve through a Nexus mirror (Docker Hub) and
MCR directly; npm/NuGet pull from Nexus groups. Self-host fonts via
next/font/local to avoid Google Fonts (geo-blocked).

Add CI workflow and ignore .env.v2, *.stackdump, and .NET bin/obj.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/app/auth/sign-out/route.ts

@@ -1,11 +1,24 @@
+import { cookies } from "next/headers";
 import { NextResponse } from "next/server";
 
-import { createClient } from "@/lib/supabase/server";
+import { gatewayFetch } from "@/lib/api/gateway";
+import { ACCESS_TOKEN_COOKIE } from "@/lib/auth/constants";
+import { clearAuthCookies } from "@/lib/auth/cookies";
 
 export async function POST(request: Request) {
-  const supabase = await createClient();
-  await supabase.auth.signOut();
+  const token = (await cookies()).get(ACCESS_TOKEN_COOKIE)?.value;
+  if (token) {
+    try {
+      await gatewayFetch("/v1/auth/logout", {
+        method: "POST",
+        headers: { Authorization: `Bearer ${token}` },
+      });
+    } catch {
+      /* best-effort revoke */
+    }
+  }
 
   const { origin } = new URL(request.url);
-  return NextResponse.redirect(`${origin}/auth`, { status: 303 });
+  const res = NextResponse.redirect(`${origin}/auth`, { status: 303 });
+  return clearAuthCookies(res);
 }