
[Security] Implement Persistent JWT Authentication with Access/Refresh Tokens and RBAC #1110

@SatyamPandey-07

Description
The application currently lacks a persistent session management system. Users need to stay logged in without sending passwords on every request, and we need to differentiate between Farmer and Shopkeeper roles.

Proposed Solution
I propose implementing a professional JWT authentication layer:

  1. Create a login endpoint that issues both an Access Token and a Refresh Token.
  2. Store Refresh Tokens in secure, HttpOnly cookies to prevent XSS.
  3. Implement a /refresh endpoint to rotate access tokens.
  4. Create @token_required and @roles_required('admin') decorators for route protection.
  5. Integrate with the existing Bcrypt-hashed password system.

Impact

  • Enables secure, long-term user sessions.
  • Foundation for personalized farmer dashboards.
  • Prevents unauthorized access to sensitive financial data.

I am ready to implement this industry-standard security flow. Please assign this to me.
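The flow in the proposal, as an added example that is not part of this issue or the project's code: a minimal HS256 JWT issuer/verifier with separate access and refresh tokens, a refresh step, and the `@token_required` / `@roles_required(...)` decorators, using only the standard library. The function names, the secret and the lifetimes are assumptions; the real endpoints would set the refresh token as an HttpOnly cookie and reach this code only after the existing Bcrypt password check succeeds.

```python
import base64, hashlib, hmac, json, time
SECRET = b"constructed-placeholder-secret"  # assumption; real code loads this from config
ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600  # seconds; short access, long refresh

def _b64(data: bytes) -> str:  # base64url without padding, as JWT requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(sub, role, typ, ttl):  # typ ("access"/"refresh") keeps the two token kinds apart
    now = int(time.time())
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "role": role, "typ": typ, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_token(token, expect_typ):  # returns the claims or raises ValueError
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token's own header choose the algorithm
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("typ") != expect_typ:
        raise ValueError("wrong token type")  # a refresh token must not pass as an access token
    if time.time() >= claims["exp"]:
        raise ValueError("expired")
    return claims

def login(user_id, role):  # login endpoint: access token for the client, refresh token for an HttpOnly cookie
    return issue_token(user_id, role, "access", ACCESS_TTL), issue_token(user_id, role, "refresh", REFRESH_TTL)
def refresh(refresh_token):  # /refresh endpoint: a valid refresh token yields a new access token
    claims = verify_token(refresh_token, "refresh")
    return issue_token(claims["sub"], claims["role"], "access", ACCESS_TTL)

def roles_required(*roles):  # decorator: valid access token required, plus one of the roles if given
    def deco(fn):
        def wrapper(token, *args, **kwargs):
            try:
                claims = verify_token(token, "access")
            except ValueError as e:
                return 401, str(e)
            if roles and claims["role"] not in roles:
                return 403, "forbidden"
            return fn(claims, *args, **kwargs)
        return wrapper
    return deco

token_required = roles_required()  # @token_required: any authenticated user, no role check
```

Rejecting an unexpected `alg` before checking the signature, and refusing a refresh token where an access token is expected, are the two checks most often missing in hand-rolled JWT code.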
