feat(auth): add password encoding and default user initialization

- Register Argon2PasswordEncoder as a Spring bean
- Implement InitUserRunner to seed default users on startup
- Add spring-security-crypto and bouncycastle dependencies
- Include database schema initialization script

src/main/kotlin/com/msksbr/bookmgr/config/PasswordConfig.kt

@@ -0,0 +1,15 @@
+package com.msksbr.bookmgr.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+
+// 将Argon2的加盐哈希方法注册成Bean
+@Configuration
+class PasswordConfig {
+    @Bean
+    fun passwordEncoder(): PasswordEncoder {
+        return Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8()
+    }
+}

src/main/kotlin/com/msksbr/bookmgr/runner/InitUserRunner.kt

@@ -0,0 +1,75 @@
+package com.msksbr.bookmgr.runner
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
+import com.msksbr.bookmgr.entity.User
+import com.msksbr.bookmgr.mapper.UserMapper
+import org.slf4j.LoggerFactory
+import org.springframework.boot.ApplicationArguments
+import org.springframework.boot.ApplicationRunner
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.stereotype.Component
+import org.springframework.transaction.annotation.Transactional
+
+@Component
+class InitUserRunner(
+    val passwordEncoder: PasswordEncoder,
+    val userMapper: UserMapper,
+) : ApplicationRunner {
+    private val logger= LoggerFactory.getLogger(InitUserRunner::class.java)
+    // 添加注解，失败时可回滚
+    @Transactional
+    override fun run(args: ApplicationArguments) {
+        logger.info("Init user")
+        insertUser()
+        logger.info("Init user complete")
+    }
+
+    fun insertUser() {
+        // 创建admin账户
+        logger.info("create admin user")
+        val admin = User(
+            null,
+            "admin",
+            // 1. 使用 Argon2 对密码进行哈希处理（自动包含随机 salt）
+            // 2. encode() 来自 Java 接口，Kotlin 会将返回值视为平台类型，因此这里断言非空
+            passwordEncoder.encode("admin")!!,
+            "admin"
+        )
+        logger.info("insert common user")
+        // 创建普通账户
+        val user = User(
+            null,
+            "user",
+            passwordEncoder.encode("user")!!,
+            "user"
+        )
+        // 插入到数据库
+        // 先查询数据库中是否有admin账户
+        logger.info("select admin user from database")
+        val existsAdmin = userMapper.selectOne(
+            QueryWrapper<User>()
+                .eq("username", admin.username)
+        )
+        // 没有则插入
+        if (existsAdmin == null) {
+            logger.info("admin user not found")
+            logger.info("insert admin user to database")
+            userMapper.insert(admin)
+        }else{
+            logger.info("found exists admin user")
+        }
+
+        logger.info("select common user from database")
+        val existsUser = userMapper.selectOne(
+            QueryWrapper<User>()
+                .eq("username", user.username)
+        )
+        if (existsUser == null) {
+            logger.info("common user not found")
+            logger.info("insert common user to database")
+            userMapper.insert(user)
+        }else{
+            logger.info("found exists common user")
+        }
+    }
+}