Move /api/cms/user and /api/skydive/applications to a new /api/auth domain.
Users and API key applications are identity/access concerns, not CMS or
skydive content. The auth domain provides a clear boundary for future
middleware hardening (rate limiting, audit logging, etc).
docs: add ADR 0014
Rewrites all 7 backend ADRs from a custom structure to the MADR 2.1.2
template required by the VS Code ADR Manager extension: bullet metadata
(Status/Date), standardised section headings, "Chosen option: X, because Y"
wording, and explicit Pros/Cons blocks per option.