feat(auth): implement master key authentication system with child key issuance

Add admin and master authentication layers with JWT support. Replace direct
key creation with hierarchical master/child key system. Update database
schema to support master accounts with configurable limits and epoch-based
key revocation. Add health check endpoint with system status monitoring.

BREAKING CHANGE: Removed direct POST /keys endpoint in favor of master-based
key issuance through /v1/tokens. Database migration requires dropping old User
table and creating Master table with new relationships.

internal/api/handler.go

@@ -22,39 +22,7 @@ func NewHandler(db *gorm.DB, sync *service.SyncService, logger *service.LogWrite
 	return &Handler{db: db, sync: sync, logger: logger}
 }
 
-func (h *Handler) CreateKey(c *gin.Context) {
-	var req dto.KeyDTO
-	if err := c.ShouldBindJSON(&req); err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
-		return
-	}
-
-	group := strings.TrimSpace(req.Group)
-	if group == "" {
-		group = "default"
-	}
-
-	key := model.Key{
-		KeySecret: req.KeySecret,
-		Group:     group,
-		Balance:   req.Balance,
-		Status:    req.Status,
-		Weight:    req.Weight,
-	}
-
-	if err := h.db.Create(&key).Error; err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create key", "details": err.Error()})
-		return
-	}
-
-	// Write auth hash and refresh snapshots
-	if err := h.sync.SyncKey(&key); err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to sync key to Redis", "details": err.Error()})
-		return
-	}
-
-	c.JSON(http.StatusCreated, key)
-}
+// CreateKey is now handled by MasterHandler
 
 func (h *Handler) CreateProvider(c *gin.Context) {
 	var req dto.ProviderDTO