feat(auth): add Casdoor SSO integration via django-allauth

Integrate OIDC-based SSO authentication through Casdoor using
django-allauth. Adds configuration for enabling SSO, custom account
adapters, and an optional SSL verification bypass for sandbox
environments with self-signed certificates.

- Add CASDOOR_* and ALLOW_LOCAL_LOGIN env vars to .env.example and
  docker-compose (app service only)
- Configure allauth with openid_connect provider for Casdoor
- Register custom adapters (CasdoorAccountAdapter, LocalAccountAdapter)
- Apply SSL patch early in settings when CASDOOR_SSL_VERIFY=false

pyproject.toml

@@ -36,6 +36,8 @@ dependencies = [
     "uvicorn[standard]>=0.30,<1.0",
     # Phase 6: Per-turn signed JWTs from Daedalus
     "PyJWT>=2.8,<3.0",
+    # SSO
+    "django-allauth[openid_connect]>=65.0,<66.0",
 ]
 
 [project.optional-dependencies]