
feat(mobile): implement OAuth2 Authorization Code with PKCE #11

Merged: Datzu712 merged 9 commits into main from feat/docker on May 28, 2026

@Datzu712 (Owner)

refactor: update expo to v56 and add full documentation for auth flows.
feat(docker): add test SMTP server for local development

todo:

  • missing refresh token flow

gitguardian Bot commented May 27, 2026

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positives and are still valid, we highly recommend that you revoke them.
While these secrets were previously flagged, we no longer have a reference to the specific commits where they were detected. Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@Datzu712 changed the title from "feat(mobile): implement keycloak OAuth2/PKCE authentication" to "feat(mobile): implement OAuth2 Authorization Code with PKCE" on May 27, 2026

Copilot AI (Contributor) left a comment

Pull request overview

Implements OAuth2 Authorization Code + PKCE login on the mobile app against Keycloak, upgrades Expo to v56, and adds Mailpit + a Keycloak realm export to the local Docker stack. Also touches docs (root README, mobile README, CONTRIBUTING) to describe the new auth flows and local services, and bumps the root Node engine to 22.

Changes:

  • Mobile auth: new lib/auth/{config,session,pending-auth,token-refresh,token-claims}.ts, AuthProvider with session restore + periodic refresh, (auth)/login.tsx + callback.tsx doing PKCE token exchange, protected routes in _layout.tsx, and profile screen using real user claims.
  • Tooling/infra: Expo 55→56 upgrade (drops @react-navigation/*, switches to expo-router/react-navigation), Mailpit + extra Keycloak hostname env in docker/local/docker-compose.yml, exported mab realm JSON, Node engine bumped to >=22, commitlint subject-case softened to warning.
  • Docs: new sections in root README for local services, Keycloak setup and auth flow descriptions; mobile README expanded with Android emulator / physical device setup; CONTRIBUTING gains an apps detail section.

Reviewed changes

Copilot reviewed 28 out of 31 changed files in this pull request and generated 10 comments.

| File | Description |
| --- | --- |
| README.md | Adds local services table, Keycloak setup, and auth flow docs |
| pnpm-workspace.yaml | Allows msgpackr-extract build |
| package.json | Bumps Node engine to >=22 |
| docs/specs/spec-hu-aut.md | Empty placeholder spec file |
| docker/local/kc-exports/mab-dev-realm.json | New Keycloak realm export with mobile (public, PKCE) and admin-dashboard (confidential) clients |
| docker/local/docker-compose.yml | Adds Mailpit, env_file, and hostname settings for Keycloak; bumps Redis image |
| docker/local/.env.example | Adds Mailpit ports; duplicates KEYCLOAK_HOSTNAME |
| CONTRIBUTING.md | Adds per-app docs links with a placeholder |
| commitlint.config.js | Lowers subject-case to warning |
| apps/restapi/src/common/logger/logger.module.ts | Renames pino logger to mab-gateway |
| apps/mobile/scripts/reset-project.js | Removed |
| apps/mobile/README.md | Adds setup for emulator/physical device; outdated stack info remains |
| apps/mobile/package.json | Expo 56 upgrade, adds expo-auth-session/expo-secure-store, drops @react-navigation/* |
| apps/mobile/lib/auth/token-refresh.ts | Refresh-token grant + isExpiringSoon helper |
| apps/mobile/lib/auth/token-claims.ts | Local JWT payload decode + extractUserFromToken |
| apps/mobile/lib/auth/session.ts | SecureStore-backed session persistence |
| apps/mobile/lib/auth/pending-auth.ts | SecureStore-backed PKCE verifier/state |
| apps/mobile/lib/auth/config.ts | Keycloak config + loopback→devServer hostname rewrite |
| apps/mobile/context/auth-context.tsx | AuthProvider with session restore, periodic refresh, sign-out |
| apps/mobile/components/haptic-tab.tsx | Switch to expo-router/react-navigation imports |
| apps/mobile/app/callback.tsx | Performs PKCE token exchange and persists session |
| apps/mobile/app/(tabs)/profile.tsx | Wires display name/email/logout from auth context |
| apps/mobile/app/(tabs)/_layout.tsx | Adjusts tab icon types; casts HapticTab to any |
| apps/mobile/app/(auth)/login.tsx | PKCE login screen using expo-auth-session |
| apps/mobile/app/(auth)/_layout.tsx | New auth stack layout |
| apps/mobile/app/_layout.tsx | Wraps app with AuthProvider; uses Stack.Protected guards |
| apps/mobile/app.json | Sets scheme to mindandbody |
| apps/mobile/.env.example | Adds Keycloak / redirect env vars |
| .vscode/settings.json | Toggles Snyk auto-select and disables Discord plugin |

Comment thread docker/local/.env.example Outdated
Comment thread apps/mobile/.env.example Outdated
Comment thread apps/mobile/README.md Outdated
Comment thread apps/mobile/README.md Outdated
Comment thread apps/mobile/app/callback.tsx
Comment thread apps/mobile/app/callback.tsx
Comment thread apps/mobile/app/_layout.tsx Outdated
Comment thread CONTRIBUTING.md
Comment thread docker/local/docker-compose.yml
Comment thread apps/mobile/README.md
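
The verifier/state handling that the review overview attributes to pending-auth.ts and callback.tsx, sketched as an added example that is not code from this pull request: it derives the S256 challenge as RFC 7636 defines it and refuses to build the token request unless the callback's state matches the stored one. The PendingAuth shape, the function names, the client id and the redirect URI are assumptions.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical shape of what a pending-auth store holds between the
// login redirect and the callback (names are assumptions, not the PR's).
interface PendingAuth { codeVerifier: string; state: string; }

const b64url = (buf: Buffer): string => buf.toString("base64url");

// RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function s256Challenge(codeVerifier: string): string {
  return b64url(createHash("sha256").update(codeVerifier, "ascii").digest());
}

// 32 random bytes give a 43-character verifier, inside the 43..128 range
// RFC 7636 requires; state is an independent random value.
function createPendingAuth(): PendingAuth {
  return { codeVerifier: b64url(randomBytes(32)), state: b64url(randomBytes(16)) };
}

// Length check first: timingSafeEqual throws on unequal lengths.
function safeEqual(a: string, b: string): boolean {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Validate the redirect back to the app and build the token request body.
// Returns null when the callback must be rejected.
function buildTokenRequest(
  callbackUrl: string, pending: PendingAuth | null,
  clientId: string, redirectUri: string,
): URLSearchParams | null {
  const params = new URL(callbackUrl).searchParams;
  const code = params.get("code");
  const state = params.get("state");
  if (!pending || !code || !state) return null;      // no flow in progress, or an error response
  if (!safeEqual(state, pending.state)) return null; // response is not tied to our request
  return new URLSearchParams({
    grant_type: "authorization_code",
    code, client_id: clientId, redirect_uri: redirectUri,
    code_verifier: pending.codeVerifier,             // public client: no client_secret is sent
  });
}
```

The stored verifier and state should be deleted as soon as the callback has been handled, whether it succeeded or not, so a replayed redirect finds no pending flow.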
Datzu712 and others added 6 commits May 27, 2026 17:53
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@Datzu712 Datzu712 merged commit ed5b603 into main May 28, 2026
6 checks passed