Fix: worker host crashed on DI validation — HTTP auth stack is web-only

IdentityModule registered AddAuthentication/AddJwtBearer/AddAuthorization in both hosts,
but the authorization policy cache requires endpoint routing (EndpointDataSource), which a
Generic Host worker doesn't have — Development's ValidateOnBuild crashed the worker at boot
(found by running it; tests always used WebApplicationFactory). The auth stack now registers
only when IWebHostEnvironment is present; ICurrentUser stays available everywhere (reports
unauthenticated off-request). Verified: worker boots + drains (processor started, heartbeats
healthy); IdentityFlowTests + ReviewFlowTests green.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

src/Modules/TeamUp.Modules.Identity/IdentityModule.cs

@@ -43,6 +43,17 @@ public sealed class IdentityModule : IModule
         services.Configure<JwtOptions>(configuration.GetSection(JwtOptions.SectionName));
         var jwt = configuration.GetSection(JwtOptions.SectionName).Get<JwtOptions>() ?? new JwtOptions();
 
+        // The HTTP auth stack is web-host-only: AddAuthorization's policy cache requires
+        // endpoint routing (EndpointDataSource), which a Generic Host worker doesn't have —
+        // and the worker never authenticates requests anyway.
+        if (services.Any(d => d.ServiceType == typeof(Microsoft.AspNetCore.Hosting.IWebHostEnvironment)))
+        {
+            AddHttpAuth(services, jwt);
+        }
+    }
+
+    private static void AddHttpAuth(IServiceCollection services, JwtOptions jwt)
+    {
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {