Generate authentication challenge
Public endpoint that generates a challenge for three-party JWT authentication.
**Security Notes:**
- Public endpoint, requires external rate limiting
- Nonce is single-use and expires based on JWT `exp_poh` claim
- Device stores up to 50 nonces with FIFO eviction
**Flow:**
1. Client calls this endpoint to get challenge
2. Client presents challenge to auth server with user credentials
3. Auth server issues JWT with nonce and expiration
4. Client submits JWT to `/auth/login` endpoint
Response
Challenge generated successfully
sn
Device serial number (audience for JWT validation)
now_poh
Current power-on hours (for POH-based expiration)
nonce
128-bit random nonce (base64url, 22 chars) for replay protection
fw
Firmware version (semver)
Errors
500
Internal Server Error

