Introduces declarative authorization pattern for Provider-based endpoints
following the same approach as the existing Organization authorization
infrastructure. No production code behavior changes — handler and
requirements are registered but not yet wired to any controllers.
New:
- IProviderRequirement: base interface for provider authorization requirements
- ProviderRequirementHandler: central handler that resolves provider claims
from route/context and delegates to requirement implementations
- ProviderClaimsExtensions: helpers to parse provider membership from claims
- ProviderAdminRequirement, ProviderUserRequirement, ManageProviderUsersRequirement
- HttpContextExtensions.GetProviderId(): route param helper (mirrors GetOrganizationId)
- DI registration for ProviderRequirementHandler
- Unit tests for all new types
