OSM-Verknüpfung (Modell A): OAuth2-Fundament für Nutzer-Beiträge

- Tabelle user_osm (access_token verschlüsselt at rest via Fernet,
  Schlüssel aus JWT_SECRET abgeleitet oder OSM_TOKEN_KEY).
- Router /api/osm-auth: authorize (signierter state mit user_id+CSRF),
  callback (Code-Tausch + OSM-Name holen + speichern), status, unlink.
- Profil-UI (Settings): "OSM-Konto verknüpfen" / verknüpft-als / trennen,
  hundehalter-spezifische Motivation.
- cryptography in requirements.
- Basis für dog=yes-Beiträge + Gamification/Pro (folgt). Staging-Branch.

ENV nötig: OSM_CLIENT_ID, OSM_CLIENT_SECRET (Redirect-URI default staging).

backend/main.py

@@ -227,6 +227,7 @@ from routes.walks      import router as walks_router
 from routes.events     import router as events_router
 from routes.sitting    import router as sitting_router
 from routes.osm        import router as osm_router
+from routes.osm_auth   import router as osm_auth_router
 from routes.forum      import router as forum_router
 from routes.lost       import router as lost_router
 from routes.knigge     import router as knigge_router
@@ -292,6 +293,7 @@ app.include_router(walks_router,      prefix="/api/walks",      tags=["Gassi-Tre
 app.include_router(events_router,     prefix="/api/events",     tags=["Events"])
 app.include_router(sitting_router,    prefix="/api/sitting",    tags=["Sitting"])
 app.include_router(osm_router,        prefix="/api/osm",        tags=["OSM"])
+app.include_router(osm_auth_router,   prefix="/api/osm-auth",   tags=["OSM-Auth"])
 app.include_router(weather_router,    prefix="/api/weather",    tags=["Wetter"])
 app.include_router(social_router,     prefix="/api/social",     tags=["Social"])
 app.include_router(forum_router,      prefix="/api/forum",      tags=["Forum"])