Remove DevSecurityConfig and replace with real authentication

[annikaholmqvist94]

Background

DevSecurityConfig was added temporarily to allow endpoint testing with simulated users via the X-Dev-User HTTP header. It disables CSRF and opens all endpoints without real authentication. This needs to be replaced before the project is considered production-ready.

Tasks

• Remove src/main/java/org/example/vet1177/config/DevSecurityConfig.java
• Remove or implement src/main/java/org/example/vet1177/security/auth/dto/AuthResponse.java (currently empty placeholder)
• Implement real authentication (e.g. JWT)
• Update SecurityFilterChain so endpoints are properly protected

[coderabbitai]

⚠️ Possible Duplicate Issue(s)

• feat: Implement JWT security hardening (JwtAuthFilter, stateless sessions, endpoint restrictions) #61

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!