Adds a [Altcha]-decorated ProtectedActionCommand with IHasAltchaSolution
and a StubAltchaVerifier that treats the literal "valid-solution" as
passing PoW. Exercises both the HTTP MinimalApi and gRPC pipelines
without requiring an external altcha service.
Validated 4 scenarios on each transport (8 total, all pass):
HTTP /api/command/protectedAction POST 6001 gRPC :6000
-------------------------------------------------------------------
no AltchaSolution 401 Unauthenticated
AltchaSolution = "wrong" 401 Unauthenticated
AltchaSolution = "valid-solution" 200 result OK + result
addUser (no [Altcha]) 200 result OK + result
The last row confirms backward compatibility: a request type that
isn't decorated with [Altcha] bypasses the check entirely — the
AltchaAuthorizationCheck self-applies and no-ops, and any consumer
that doesn't call AddSvrntyAltcha() sees zero behavior change.
Generated CommandServiceImpl.g.cs verified to include the
ICommandAuthorizationCheck loop after validation, before handler
invocation, with the materialized command instance in ctx.Command.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
