- Add /api/auth/users endpoint for authenticated users to search other users
- Only return public info (id, username, nickname, avatar) in search results
- Change /api/user routes to require user:admin permission instead of user:read
- Update auth tests to use /api/auth/me for self updates
- Add tests for new user search endpoint
- Move and split 'auth/auth_test.go' into the 'tests/' directory
- Add 'tests/main_test.go' for global test suite setup
- Add 'tests/helpers_test.go' for shared test utilities
- Create separate test files for different auth scenarios ('auth_test.go', 'none_auth_test.go')
- Add focused tests for org permissions and middleware ('org_permission_test.go', 'resource_perm_test.go', 'org_load_middleware_test.go')
veypi