Authorization Server: add a home/landing page (no AS home screen exists today)

[dfcoffin]

Summary

The Authorization Server (openespi-authserver, :9999) has no landing/home page. GET / 302-redirects to /login, and the only browser UI is the bare login form (/login) plus the consent/error pages. There is no place to see "what this server is / where to go." Add a simple AS home/landing page.

Current state (verified)

• / → 302 → /login
• /login → 200 (login form; designed to be hit mid-/oauth2/authorize flow, no landing afterwards)
• /.well-known/oauth-authorization-server → 200 (metadata JSON); /.well-known/openid-configuration → 404 (OIDC off — opaque-token sandbox)
• Admin/integration APIs exist but require auth and are not browser-friendly: /admin/oauth2/clients, /admin/oauth2/tokens, /admin/oauth2/authorizations; /connect/register; /api/v1/datacustodian/health
• Templates present: login.html, consent.html, error.html (no home/index)

Proposed scope

• Add a small AS home/landing page (Thymeleaf, reusing a simple header/footer) served at / (or /home) — for an authenticated admin, link to the existing admin views (clients / tokens / authorizations) and the discovery metadata; for anonymous, a short "OpenESPI Authorization Server" intro + Login link.
• Make GET / resolve to this page instead of bouncing straight to /login (keep it public/landing).
• Ensure the landing path is permitted by the AS security config and consistent with the DC/TP portal styling where reasonable.

Acceptance

Opening http://localhost:9999/ shows an Authorization Server landing page (not a redirect to a bare login), with working links to the admin views for an authenticated admin.

Notes

• Independent module (no dependency on openespi-common).
• Deferred — to be implemented later (no branch yet).