Add API endpoints for resource metadata management (ownership & permissions)

New types: UpdateResourceMetadataRequest and GetResourceMetadataResponse in types.go
    AuthService methods: StoreResourceMetadata and GetResourceMetadata in auth/auth.go
    Handlers: getResourceMetadataHandler and updateResourceMetadataHandler in server/handlers.go
    Routes: /kv/{path}/metadata (GET for read, PUT for update) with auth middleware in server/routes.go

Enables fine-grained control over KV path ownership, group assignments, and POSIX-inspired permissions.

server/routes.go

@@ -39,6 +39,19 @@ func (s *Server) setupRoutes() *mux.Router {
 		router.HandleFunc("/kv/{path:.+}", s.deleteKVHandler).Methods("DELETE")
 	}
 
+	// Resource Metadata endpoints (available when auth is enabled)
+	if s.config.AuthEnabled {
+		// GET metadata - require read permission
+		router.Handle("/kv/{path:.+}/metadata", s.authService.Middleware(
+			[]string{"read"}, func(r *http.Request) string { return mux.Vars(r)["path"] }, "read",
+		)(s.getResourceMetadataHandler)).Methods("GET")
+		
+		// PUT metadata - require write permission (owner write)
+		router.Handle("/kv/{path:.+}/metadata", s.authService.Middleware(
+			[]string{"write"}, func(r *http.Request) string { return mux.Vars(r)["path"] }, "write",
+		)(s.updateResourceMetadataHandler)).Methods("PUT")
+	}
+
 	// Member endpoints (available when clustering is enabled)
 	if s.config.ClusteringEnabled {
 		router.HandleFunc("/members/", s.getMembersHandler).Methods("GET")