feat: add Swagger UI and OpenAPI spec for backend APIs

[antcybersec]

Closes #143

Summary

• Implemented Swagger/OpenAPI documentation for the backend API to provide a single, interactive source of truth for integrations.
• Added Swagger UI at GET /api-docs and exposed the raw spec at GET /openapi.yaml.
• Added a full OpenAPI 3.0.3 definition in backend/api/openapi.yaml covering all existing REST endpoints, request bodies, response schemas, and auth requirements.

What Changed

• Updated backend/internal/routes/routes.go:
  • Serve OpenAPI file via router.StaticFile("/openapi.yaml", "./api/openapi.yaml")
  • Added /api-docs route to render Swagger UI
• Added backend/api/openapi.yaml:
  • Documented all routes:
    • GET /health
    • POST /signup
    • POST /login
    • POST /api/user/logout
    • GET /api/user/todo
    • POST /api/user/todo
    • PATCH /api/user/todo/{id}
    • DELETE /api/user/todo/{id}
  • Included endpoint metadata (summary, description, tags)
  • Added request/response models for success + common errors (400, 401, 404, 500)
  • Added JWT bearer security scheme (BearerAuth) and applied it to protected endpoints

Acceptance Criteria Mapping

• Endpoint Metadata: Added for all endpoints in openapi.yaml.
• Request/Response Models: Added schemas for success and common errors.
• Authentication: Bearer token security scheme defined and usable via Swagger UI “Authorize”.
• Validation: OpenAPI spec validated successfully (openapi validation: ok).
• Accessibility: Docs are exposed at /api-docs and /openapi.yaml for local/staging use.

Test Plan

• Run backend server
• Open http://localhost:8080/api-docs
• Verify all endpoints appear under proper tags
• Use POST /login to get a token, click Authorize, and test protected todo endpoints
• Confirm http://localhost:8080/openapi.yaml is accessible and renders raw spec