
feat: add NHS CIS2 authentication provider

Open felixmccuaig opened this issue 1 week ago • 0 comments

Summary

This PR adds support for NHS Care Identity Service 2 (CIS2) OAuth authentication, the identity management system used by the UK National Health Service.

Changes

  • Add nhs_cis2 provider with OIDC endpoints for the Healthcare realm
  • Support NHS-specific claims (uid, nhsid_nrbac_roles, id_assurance_level, authentication_assurance_level, selected_roleid)
  • Add comprehensive unit tests for provider functionality
  • Add API integration tests following existing patterns (external_nhs_cis2_test.go)
  • Add configuration and environment variable documentation

Files Changed

  • internal/api/provider/nhs_cis2.go - Main provider implementation
  • internal/api/provider/nhs_cis2_test.go - Provider unit tests
  • internal/api/external_nhs_cis2_test.go - API integration tests
  • internal/api/external.go - Register provider in switch statement
  • internal/conf/configuration.go - Add NHSCIS2 configuration
  • example.env - Document environment variables

Configuration

GOTRUE_EXTERNAL_NHS_CIS2_ENABLED="true"
GOTRUE_EXTERNAL_NHS_CIS2_CLIENT_ID="your-client-id"
GOTRUE_EXTERNAL_NHS_CIS2_SECRET="your-client-secret"
GOTRUE_EXTERNAL_NHS_CIS2_REDIRECT_URI="https://your-app.com/auth/callback"
GOTRUE_EXTERNAL_NHS_CIS2_URL="https://am.nhsidentity.spineservices.nhs.uk"

Documentation

  • NHS CIS2: https://digital.nhs.uk/services/care-identity-service

Test plan

  • [x] Unit tests for provider creation and validation
  • [x] Unit tests for user data unmarshalling
  • [x] API integration tests for OAuth flow
  • [x] Build passes
  • [ ] Manual testing with NHS CIS2 integration environment

felixmccuaig, Jan 09 '26 00:01
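The NHS-specific claims listed under Changes are what a relying application would base access decisions on. The following is an added example, not code from this PR or from the project, showing one fail-closed check over them. The `person_roleid` field inside each `nhsid_nrbac_roles` entry, the reading of the assurance levels as integers where higher is stronger, and the names `cis2Claims`, `atLeast` and `checkClaims` are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// cis2Claims holds the claims named in the PR. The person_roleid field in each
// role entry and the numeric reading of the levels are assumptions.
type cis2Claims struct {
	UID       string      `json:"uid"`
	IDLevel   json.Number `json:"id_assurance_level"`
	AuthLevel json.Number `json:"authentication_assurance_level"`
	Selected  string      `json:"selected_roleid"`
	Roles     []struct {
		ID string `json:"person_roleid"`
	} `json:"nhsid_nrbac_roles"`
}

// sample is a constructed payload, not real CIS2 output.
const sample = `{"uid":"000000000001","id_assurance_level":"3",
 "authentication_assurance_level":2,"selected_roleid":"R2",
 "nhsid_nrbac_roles":[{"person_roleid":"R1"},{"person_roleid":"R2"}]}`

// atLeast accepts a level sent as "3" or 3; an absent claim is "" and fails.
func atLeast(n json.Number, floor int64) bool {
	v, err := n.Int64()
	return err == nil && v >= floor
}

// checkClaims fails closed: absent, weak or inconsistent claims are rejected.
func checkClaims(raw string, minID, minAuth int64) error {
	var c cis2Claims
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		return err
	}
	if c.UID == "" || !atLeast(c.IDLevel, minID) || !atLeast(c.AuthLevel, minAuth) {
		return errors.New("missing uid or assurance level too low")
	}
	for _, r := range c.Roles {
		if r.ID != "" && r.ID == c.Selected {
			return nil
		}
	}
	return errors.New("selected_roleid not in nhsid_nrbac_roles")
}

func main() { fmt.Println(checkClaims(sample, 3, 2)) }
```

Decoding the levels as `json.Number` means a missing claim is rejected rather than treated as level 0, even when the configured minimum is 0.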