Sync all Go structs with upstream Casdoor object package

[Copilot]

SDK structs were missing fields added in recent upstream commits, causing clients to implicitly send zero-values during CRUD operations. This PR comprehensively syncs all major structs with the upstream Casdoor object package.

Changes

New ScopeItem struct for custom OAuth scopes:

type ScopeItem struct {
    Name        string   `json:"name"`
    DisplayName string   `json:"displayName"`
    Description string   `json:"description"`
    Tools       []string `json:"tools"` // MCP scope-to-tool permissions
}

Application struct additions:

• Category (varchar(20)) - Application category: "Default", "Agent"
• Type (varchar(20)) - Application type: "All", "MCP", "A2A", "OIDC", "OAuth", "SAML", "CAS"
• Scopes ([]*ScopeItem) - Custom OAuth scopes for agent applications
• Domain, OtherDomains, UpstreamHost, SslMode, SslCert - Reverse proxy configuration

JwtItem struct addition:

• Category (string) - Token attribute categorization

User struct addition:

• WebauthnCredentials ([]webauthn.Credential) - WebAuthn support for passwordless authentication

Organization struct additions:

• AccountMenu (varchar(20)) - Account menu configuration
• DcrPolicy (varchar(100)) - Dynamic Client Registration policy support

Provider struct additions:

• HttpHeaders (map[string]string) - Custom HTTP headers for provider communication
• SslMode (varchar(100)) - SSL mode: "Auto", "Enable", "Disable"
• EmailRegex (varchar(200)) - Email validation regex
• EnableProxy (bool) - Proxy support flag
• EnablePkce (bool) - PKCE (Proof Key for Code Exchange) support

Token struct addition:

• Resource (varchar(255)) - RFC 8707 Resource Indicator support

Verification

• ✅ All changes compile successfully
• ✅ Code review passed with no comments
• ✅ CodeQL security scan found 0 alerts
• ✅ Dependencies updated (go.mod, go.sum) including new webauthn package

Syncs SDK with upstream commits: 3cb9df3, 6e1e5dd, c8f8f88, 3b8e7c9

Original prompt

---

This section details on the original issue you should resolve

<issue_title>SDK is off-sync again</issue_title>
<issue_description>With CRUD API approach, where you replace at update, it's very inconvenient when the SDK is not reflecting the API.

casdoor/casdoor@3cb9df3

The change isn't even mentioned in swagger v1.503.0

The change isn't backward compatible, not when the client doesn't know that, and sends back the field implicitly with zero-value.</issue_description>

Comments on the Issue (you are @copilot in this section)

@hsluoyz need to sync all new struct fields to this casdoor-go-sdk

• Fixes SDK is off-sync again #232

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[hsluoyz]

@copilot should sync all Go structs under object pkg: https://github.com/casdoor/casdoor/tree/master/object

[Copilot]

@copilot should sync all Go structs under object pkg: https://github.com/casdoor/casdoor/tree/master/object

Done! I've synced all Go structs from the upstream object package. Changes include:

User (552c668): WebauthnCredentials field
Organization (552c668): AccountMenu, DcrPolicy fields
Provider (552c668): HttpHeaders, SslMode, EmailRegex, EnableProxy, EnablePkce fields
Token (552c668): Resource field
Application (bf7ed47): Category, Type, Scopes fields + reverse proxy fields

All changes compile successfully with no security issues found.