feat(security): strict TLS mode

[rhdedgar]

What does this PR do?

Providing an optional mode to enforce secure connections for llama-stack, using only FIPS-approved TLS cipher suites.

• Add security_mode setting (development / production) to ServerConfig that enforces TLS with FIPS-approved cipher suites in production mode
• Fix JWT algorithm confusion vulnerability in OAuth2 auth provider by replacing untrusted header algorithm with a static FIPS-approved
  allowlist (RS256/PS256/ES256 families)
• Fix introspection endpoint defaulting to ssl_ctxt=False (no TLS verification) — now defaults to system CA verification (True)
• Add HSTS header middleware for all HTTPS responses
• Add --security-mode and --insecure CLI flags to override config at startup
• Add production-mode guard that rejects verify_tls=False in auth provider config

Closes RHAIENG-1865

If accepted, I expect to open a couple follow-up PRs for things like backend URL validation and HTTP-to-HTTPS redirect + some remaining config hardening. I split this effort into a couple segments to make it a more manageable size to review at one time.

Test Plan

• Unit tests added for SecurityMode validation, HSTS middleware, FIPS cipher constants, and JWT algorithm allowlist
• Existing OAuth2/JWKS tests updated to use RSA key pairs instead of HS256 symmetric keys
• uv run pytest tests/unit/server/test_tls_config.py tests/unit/server/test_auth.py -x

Additional manual checks

• Pre-commit checks looked good
• The PR checks ran against a PR on my own fork without errors.
• I tested against an OpenShift cluster with a custom build of llama-stack-k8s-operator that was configured specifically to use this new TLS-only mode, and it worked as expected.

[skamenan7]

Nice security features, Doug! Looks good except these comments.

[skamenan7]

Seems CLI overrides get lost along the way. _run_stack_run_cmd() validates the original file before this branch, and then create_app() re-reads LLAMA_STACK_CONFIG from disk anyway. so --insecure can't actually rescue a production config missing certs, and --security-mode production never reaches the verify_tls=False guard on the app side. happy to walk through the call chain if that's helpful.

[skamenan7]

current validator leaves a hole in the FIPS-only guarantee. We only auto-fill the allowlist when tls_config.ciphers is None, and _uvicorn_run() forwards any explicit list as-is. Would it make sense to validate that production-mode ciphers are a non-empty subset of FIPS_APPROVED_CIPHERS, or reject custom overrides entirely in production?

[skamenan7]

this test doesn't exercise the production startup guard. it builds an OAuth2TokenAuthConfig and asserts verify_tls stayed False, but never calls create_app(), so deleting the SystemExit branch in server.py would still leave it green. worth driving create_app() or extracting that guard into a testable helper so the test covers the real failure path.

[rhdedgar]

Ok, I've added a new commit, which should address the comments on original commit.