
[Feature]: Authorization Pipeline Behavior #223

@eneshoxha

Title: Add authorization pipeline behaviors for command/query access control

Labels: enhancement, mediator, new-package

Body:

Problem

CQRS architectures commonly need authorization checks before handler execution. Currently, consumers must implement this themselves as a custom pipeline behavior or embed authorization logic in each handler.

Proposed Solution

Create a Cortex.Mediator.Behaviors.Authorization package:

  • IAuthorizationRequirement<TRequest> interface that handlers implement to define requirements
  • AuthorizationCommandBehavior<TCommand, TResult> -- resolves and checks all IAuthorizationRequirement<TCommand> before execution
  • AuthorizationQueryBehavior<TQuery, TResult> -- same for queries
  • Integration with Microsoft.AspNetCore.Authorization.IAuthorizationService for policy-based auth
  • UnauthorizedException thrown when authorization fails

```csharp
public class CreateOrderAuthorizationRequirement : IAuthorizationRequirement<CreateOrderCommand>
{
    public Task<AuthorizationResult> CheckAsync(
        CreateOrderCommand command,
        IServiceProvider services,
        CancellationToken cancellationToken)
    {
        // Check if current user can create orders
        // (check left unspecified in the proposal; placeholder so the method compiles)
        throw new NotImplementedException();
    }
}
```
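
One way the proposed command behavior could run its checks, as an added sketch that is not part of the issue or of Cortex.Mediator. Every type is a stand-in defined locally (`AuthorizationResult` is a local record, not the ASP.NET Core class), and the `denyWhenNoRequirements` switch and the shape of the `next` delegate are assumptions.

```csharp
// Added sketch: hypothetical types that follow the names used in the proposal.
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

public sealed record AuthorizationResult(bool Succeeded, string? Reason = null);

public interface IAuthorizationRequirement<TRequest>
{
    Task<AuthorizationResult> CheckAsync(TRequest request, IServiceProvider services, CancellationToken ct);
}

public sealed class UnauthorizedException : Exception
{
    public UnauthorizedException(string message) : base(message) { }
}

public sealed class AuthorizationCommandBehavior<TCommand, TResult>
{
    private readonly List<IAuthorizationRequirement<TCommand>> _requirements;
    private readonly IServiceProvider _services;
    private readonly bool _denyWhenNoRequirements; // assumption: not named in the proposal

    public AuthorizationCommandBehavior(IEnumerable<IAuthorizationRequirement<TCommand>> requirements,
        IServiceProvider services, bool denyWhenNoRequirements = true)
    {
        _requirements = new List<IAuthorizationRequirement<TCommand>>(requirements);
        _services = services;
        _denyWhenNoRequirements = denyWhenNoRequirements;
    }

    // 'next' stands in for the rest of the pipeline and the handler (assumed shape).
    public async Task<TResult> Handle(TCommand command, Func<Task<TResult>> next, CancellationToken ct)
    {
        // Fail closed: a command with no registered requirement is rejected unless opted out.
        if (_requirements.Count == 0 && _denyWhenNoRequirements)
            throw new UnauthorizedException($"No authorization requirement for {typeof(TCommand).Name}.");

        foreach (var requirement in _requirements)
        {
            // An exception thrown by a check propagates, so the handler never runs on error.
            var result = await requirement.CheckAsync(command, _services, ct);
            if (!result.Succeeded)
                throw new UnauthorizedException(result.Reason ?? "Authorization failed.");
        }
        return await next(); // reached only when every requirement succeeded
    }
}
```

The default-deny switch matters for coverage: with it off, a command whose requirement was never registered would pass through the behavior unchecked.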
