Expose user/group management APIs

Parent: #247

## Goal
Replace `cli/user_mgmt.sh`+raw Keycloak `curl` usage with scoped management APIs for M2M and human user lifecycle.

## Tasks
- Define endpoints for create/delete/list users and groups, plus assigning scopes/groups to service accounts.
- Integrate with Keycloak using service credentials rather than requiring `KEYCLOAK_ADMIN_PASSWORD` on disk.
- Persist client secrets securely (vault/secret manager) and return only what callers need once.
- Update onboarding docs + automation so CI/frontend use the new API.
- Provide automated coverage for happy-path and failure scenarios.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Expose user/group management APIs #251

Goal

Tasks

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Expose user/group management APIs #251

Description

Goal

Tasks

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions