No concrete auth client implementations (HTTP/gRPC/TCP)

Authenticator and Authorizer interfaces are defined in broker/auth.go but there are zero concrete implementations for external auth backends. Only test mocks exist. Every deployment must implement custom Authenticator in Go — there is no way to delegate auth to an external HTTP or gRPC service.