Add OAuth seed data and standardize service ports for Aspire orchestration

[Copilot]

Implements out-of-the-box OAuth/OIDC configuration and unifies service ports for .NET Aspire-based deployment. Sample projects now demonstrate end-to-end authentication flows without manual setup.

Port Standardization

Aligned all services to fixed ports for consistent Aspire orchestration:

Service	Port	Previous
IAM API	7070	7000
Sample API	7000	7070
IAM Admin	4200	-
Sample SPA	4201	-

OAuth Seed Data

Added SeedOAuthDataAsync in MigrationService/Worker.cs to auto-create on first run:

Standard OIDC scopes: openid, profile, email, address, phone, offline_access

FrontClient (public SPA):

• Authorization Code + PKCE flow
• Pre-configured redirects for localhost:4200/4201
• Scopes: openid, profile, email, offline_access

ApiClient (confidential):

• Client Credentials flow
• Secret: ApiClient_Secret_2025 (hashed)
• Scope: openid

// Example: Clients are now auto-created with proper PKCE/scope configuration
var frontClient = new Client
{
    ClientId = "FrontClient",
    Type = "public",
    RequirePkce = true,
    RedirectUris = new List<string> { "http://localhost:4200", "http://localhost:4201" },
    // ... scopes auto-assigned
};

Aspire Integration

Modified AppHost/Program.cs to enforce ports via WithHttpsEndpoint():

var apiService = builder.AddProject<Projects.ApiService>("ApiService")
    .WithHttpsEndpoint(port: 7070, name: "https");
var sampleApi = builder.AddProject<Projects.SampleApi>("SampleApi")
    .WithHttpsEndpoint(port: 7000, name: "https");

Documentation

• samples/README.md: OAuth 2.0/OIDC flow diagrams (authorization code + PKCE, client credentials), troubleshooting guide
• docs/SEED-DATA-GUIDE.md: Complete reference for default clients/scopes, customization patterns
• docs/quick-start.md: Single-command Aspire startup instructions
• README.md: Updated quick start with service port table

All sample configurations updated to reference new ports and default clients (FrontClient/ApiClient instead of FrontTest/ApiTest).

Original prompt

---

This section details on the original issue you should resolve

<issue_title>完善示例项目和初始配置数据</issue_title>
<issue_description>## 说明

在/sapmles目录下有 前后端的示例项目，现在要完善它，以便展示通过IAM来登录获取授权，并获取数据。

现在所有应用都集中到.NET Aspire中启动和管理。

项目端口修改

IAM后端使用7070端口，前端管理平台使用4200。

示例项目前端使用4201端口，后端使用7000。

如果现有的配置不是这样的端口，要按照以上端口进行修改。

文档更新

修改和完善相关文档，以说明最新的项目结构，服务端口以及授权验证流程。

IAM更新

对于OAuth来说，应该有一些初始化数据，除了管理员账号和角色，还应该有默认的前端使用的Clinet，如FrontClient，
和后端使用的Client，如ApiClient。

应该有一些默认的scope，如openid等。也就是说为了快速上手，应该提供一些常见的配置数据，而不是要自己手动添加。

</issue_description>

Comments on the Issue (you are @copilot in this section)

Custom agent used: ater agent
精通Asp.Net Core和Angular的全栈开发专家，能够高效地解决复杂的编程问题。

• Fixes 完善示例项目和初始配置数据 #42

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[niltor]

@copilot 初始化数据应该在MigrationService项目中完成。

[Copilot]

@copilot 初始化数据应该在MigrationService项目中完成。

已完成。所有初始化数据（OAuth作用域和客户端配置）都在 src/Services/MigrationService/Worker.cs 中实现：

• SeedInitialDataAsync: 创建管理员账号和角色
• SeedOAuthDataAsync: 创建默认OAuth作用域和客户端（FrontClient, ApiClient）

这些方法在 SeedDataAsync 中调用，会在数据库迁移后自动执行。(18aa55a)