Fofum — identity confirmation service

Public:
  POST /accounts/create     — register (requires usage_password in body)
  POST /auth/login          — username + password → session token
  POST /auth/validate       — check if a token is valid (for other services)
  POST /auth/prove          — prove token_a and token_b are same account
  POST /auth/logout         — revoke a token
  GET  /auth/whoami         — Bearer session token → account info

Admin (Bearer admin token from POST /admin/auth):
  POST /admin/auth
  GET  /admin/info
  GET  /admin/users
  DELETE /admin/users?username=

First run logs a usage password to the console (.fofum_config.json).
Accounts and session tokens live in BadgerDB (./data).