refactor: add ValidateSession gRPC and streamline test setup

- Add ValidateSession gRPC method for proxy-side user validation
- Move group access validation from REST callback to gRPC layer
- Capture user info in access logs via CapturedData mutable pointer
- Create validate_session_test.go for gRPC validation tests
- Simplify auth_callback_integration_test.go to create accounts
  programmatically instead of using SQL file
- SQL test data file now only used by validate_session_test.go

shared/management/proto/proxy_service.proto

@@ -20,6 +20,10 @@ service ProxyService {
   rpc CreateProxyPeer(CreateProxyPeerRequest) returns (CreateProxyPeerResponse);
 
   rpc GetOIDCURL(GetOIDCURLRequest) returns (GetOIDCURLResponse);
+
+  // ValidateSession validates a session token and checks user access permissions.
+  // Called by the proxy after receiving a session token from OIDC callback.
+  rpc ValidateSession(ValidateSessionRequest) returns (ValidateSessionResponse);
 }
 
 // GetMappingUpdateRequest is sent to initialise a mapping stream.
@@ -164,3 +168,15 @@ message GetOIDCURLRequest {
 message GetOIDCURLResponse {
   string url = 1;
 }
+
+message ValidateSessionRequest {
+  string domain = 1;
+  string session_token = 2;
+}
+
+message ValidateSessionResponse {
+  bool valid = 1;
+  string user_id = 2;
+  string user_email = 3;
+  string denied_reason = 4;
+}