
refactor: User ID handling to principal auth context #87

Open
m-t-a97 wants to merge 3 commits into main from refactor/principal-auth-context

@m-t-a97 m-t-a97 commented May 23, 2026

This PR refactors how authentication context is propagated and handled across the codebase. We are moving away from a user-centric (human-only) authentication state to a unified Identity Principal architecture.

With this change, Authula now natively supports both human users (user) and machine-to-machine agents (machine, e.g., API keys, service accounts) through a single polymorphic interface. Additionally, this PR introduces first-class Organization scoping directly into the core authentication context, establishing a clean, unified foundation for multi-tenancy isolation and downstream access control (RBAC).

Key Structural Changes

  • Polymorphic Principals: Replaced scalar UserID tracking with a standard RequestPrincipal struct containing an explicit identity ID, Type, and dynamic Metadata.
  • Multi-Tenant Scoping: Embedded OrganizationID into the top-level request context to streamline tenancy-related data and context.
  • Decoupled Hook Lifecycle: Updated the routing engine and session hooks to check for cooperative principal resolution, ensuring downstream plugins can evaluate access rights identically regardless of whether the caller authenticated via a cookie or an API token.

@m-t-a97 m-t-a97 self-assigned this May 23, 2026
@m-t-a97 m-t-a97 added the enhancement New feature or request label May 23, 2026
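
The description above names a RequestPrincipal with ID, Type and Metadata plus an OrganizationID in the request context; the following is an added sketch, not code from this PR or from Authula, of a tenant check that treats user and machine principals identically and fails closed. `AuthContext`, `WithAuth`, `RequireOrg`, `ErrDenied`, the field types and the sample IDs are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// RequestPrincipal carries the three fields the PR description names.
type RequestPrincipal struct {
	ID       string
	Type     string // "user" or "machine", per the PR text
	Metadata map[string]any
}

// AuthContext (hypothetical name) pairs the principal with its tenant.
type AuthContext struct {
	Principal      *RequestPrincipal
	OrganizationID string
}

type authKey struct{} // unexported key: other packages cannot overwrite it
var ErrDenied = errors.New("access denied")

func WithAuth(ctx context.Context, a AuthContext) context.Context {
	return context.WithValue(ctx, authKey{}, a)
}

// RequireOrg fails closed on a missing principal, unknown type or tenant mismatch.
func RequireOrg(ctx context.Context, resourceOrg string) (*RequestPrincipal, error) {
	a, ok := ctx.Value(authKey{}).(AuthContext)
	if !ok || a.Principal == nil || a.Principal.ID == "" {
		return nil, ErrDenied
	}
	if t := a.Principal.Type; t != "user" && t != "machine" {
		return nil, ErrDenied
	}
	if a.OrganizationID == "" || a.OrganizationID != resourceOrg {
		return nil, ErrDenied
	}
	return a.Principal, nil
}

func main() {
	key := &RequestPrincipal{ID: "key_123", Type: "machine"} // constructed sample
	ctx := WithAuth(context.Background(), AuthContext{Principal: key, OrganizationID: "org_a"})
	_, err := RequireOrg(ctx, "org_b")
	fmt.Println("cross-tenant:", err)
}
```
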