feat: enforce master token authentication and reasoning support

- Added strict token validation against LLM_PROXY__SERVER__AUTH_TOKENS.
- Integrated 'reasoning_content' support into providers and server responses.
- Updated AppState to carry valid auth tokens for request-time validation.

src/state/mod.rs

@@ -17,6 +17,7 @@ pub struct AppState {
     pub request_logger: Arc<RequestLogger>,
     pub model_registry: Arc<ModelRegistry>,
     pub dashboard_tx: broadcast::Sender<serde_json::Value>,
+    pub auth_tokens: Vec<String>,
 }
 
 impl AppState {
@@ -25,6 +26,7 @@ impl AppState {
         db_pool: DbPool,
         rate_limit_manager: RateLimitManager,
         model_registry: ModelRegistry,
+        auth_tokens: Vec<String>,
     ) -> Self {
         let client_manager = Arc::new(ClientManager::new(db_pool.clone()));
         let (dashboard_tx, _) = broadcast::channel(100);
@@ -38,6 +40,7 @@ impl AppState {
             request_logger,
             model_registry: Arc::new(model_registry),
             dashboard_tx,
+            auth_tokens,
         }
     }
 }