wire in auth0 in cilent report and client admin

[tevko]

Introduces environment variable based auth0 config. Protects API routes that use LLMs.

Requires new env files for client-admin and client-report - these are the "switches" for auth0 vs in-house authentication strategy.

A new codepath is introduced such that when a user signs in for the first time through auth0, a new user account in pol.is is also created for them on the fly.

While this PR introduces a new method for authorization, it maintains the use of tracking user activity throughout the application using cookies. This can be simplified, but is probably outside of the scope of the goals accomplished in this PR and will take much longer to accomplish