feat: implement resource metadata management API (issue #12)

Add API endpoints to manage ResourceMetadata (ownership, groups, permissions)
for KV resources. This enables administrators to configure granular access
control for stored data.

Changes:
- Add GetResourceMetadataResponse and UpdateResourceMetadataRequest types
- Add GetResourceMetadata and SetResourceMetadata methods to AuthService
- Add GET /kv/{path}/metadata endpoint (requires admin:users:read)
- Add PUT /kv/{path}/metadata endpoint (requires admin:users:update)
- Both endpoints protected by JWT authentication

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

server/routes.go

@@ -117,6 +117,16 @@ func (s *Server) setupRoutes() *mux.Router {
 		router.Handle("/auth/cluster-bootstrap", s.authService.Middleware(
 			[]string{"admin:tokens:create"}, nil, "",
 		)(s.clusterBootstrapHandler)).Methods("GET")
+
+		// Resource Metadata Management endpoints (Issue #12) - Protected by JWT authentication
+		// Allows administrators to manage ownership, groups, and permissions for KV resources
+		router.Handle("/kv/{path:.+}/metadata", s.authService.Middleware(
+			[]string{"admin:users:read"}, nil, "",
+		)(s.getResourceMetadataHandler)).Methods("GET")
+
+		router.Handle("/kv/{path:.+}/metadata", s.authService.Middleware(
+			[]string{"admin:users:update"}, nil, "",
+		)(s.updateResourceMetadataHandler)).Methods("PUT")
 	}
 
 	// Revision History endpoints (available when revision history is enabled)