feat: add HTMX web UI with login/register forms

- Home page showing README and stats
- Login/register forms with HTMX
- Registry and activities pages
- Cookie-based auth for web UI
- JWT secret from Docker secrets (/run/secrets/jwt_secret)
- Updated README with secret generation instructions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

README.md

@@ -8,6 +8,7 @@ Ownership registry and ActivityPub federation for Art DAG.
 - **Activities**: Creates signed ownership claims (Create activities)
 - **Federation**: ActivityPub endpoints for follow/share
 - **L1 Integration**: Records completed L1 runs as owned assets
+- **Authentication**: User registration, login, JWT tokens
 
 ## Setup
 
@@ -27,6 +28,53 @@ python setup_keys.py
 python server.py
 ```
 
+## JWT Secret Configuration
+
+The JWT secret is used to sign authentication tokens. **Without a persistent secret, tokens are invalidated on server restart.**
+
+### Generate a secret
+
+```bash
+# Generate a 64-character hex secret
+openssl rand -hex 32
+# Or with Python
+python -c "import secrets; print(secrets.token_hex(32))"
+```
+
+### Local development
+
+```bash
+export JWT_SECRET="your-generated-secret-here"
+python server.py
+```
+
+### Docker Swarm (recommended for production)
+
+Create a Docker secret:
+```bash
+# From a generated value
+openssl rand -hex 32 | docker secret create jwt_secret -
+
+# Or from a file
+echo "your-secret-here" > jwt_secret.txt
+docker secret create jwt_secret jwt_secret.txt
+rm jwt_secret.txt
+```
+
+Reference in docker-compose.yml:
+```yaml
+services:
+  l2-server:
+    secrets:
+      - jwt_secret
+
+secrets:
+  jwt_secret:
+    external: true
+```
+
+The server reads secrets from `/run/secrets/jwt_secret` automatically.
+
 ## Key Setup
 
 ActivityPub requires RSA keys for signing activities. Generate them: