Mobile External Login

This simulates the Docebo-recommended mobile workaround: authenticate outside the app, mint an RS256 JWT bearer, then redirect to Go.Learn via a deep link.