feat: tkuser 통합 관리 서비스 + 전체 시스템 SSO 쿠키 인증 통합

- tkuser 서비스 신규 추가 (API + Web)
  - 사용자/권한/프로젝트/부서/작업자/작업장/설비/작업/휴가 통합 관리
  - 작업장 탭: 공장→작업장 드릴다운 네비게이션 + 구역지도 클릭 연동
  - 작업 탭: 공정(work_types)→작업(tasks) 계층 관리
  - 휴가 탭: 유형 관리 + 연차 배정(근로기준법 자동계산)
- 전 시스템 SSO 쿠키 인증으로 통합 (.technicalkorea.net 공유)
- System 2: 작업 이슈 리포트 기능 강화
- System 3: tkuser API 연동, 페이지 권한 체계 적용
- docker-compose에 tkuser-api, tkuser-web 서비스 추가
- ARCHITECTURE.md, DEPLOYMENT.md 문서 작성

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker-compose.yml

@@ -24,11 +24,6 @@ services:
       test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
       timeout: 20s
       retries: 10
-    deploy:
-      resources:
-        limits:
-          memory: 2G
-          cpus: "1.0"
     networks:
       - tk-network
 
@@ -51,11 +46,6 @@ services:
       test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-mproject}"]
       timeout: 10s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1536M
-          cpus: "0.5"
     networks:
       - tk-network
 
@@ -69,11 +59,6 @@ services:
       interval: 10s
       timeout: 5s
       retries: 3
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -108,11 +93,6 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -153,11 +133,6 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
-          cpus: "0.5"
     networks:
       - tk-network
 
@@ -171,11 +146,6 @@ services:
       - "30080:80"
     depends_on:
       - system1-api
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -191,11 +161,6 @@ services:
       - API_BASE_URL=http://system1-api:3005
     depends_on:
       - system1-api
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -235,11 +200,6 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 384M
-          cpus: "0.5"
     networks:
       - tk-network
 
@@ -253,11 +213,6 @@ services:
       - "30180:80"
     depends_on:
       - system2-api
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -274,23 +229,22 @@ services:
     ports:
       - "30200:8000"
     environment:
-      - DATABASE_URL=${SYSTEM3_DATABASE_URL:-postgresql://mproject:mproject2024@postgres:5432/mproject}
+      - DB_HOST=mariadb
+      - DB_PORT=3306
+      - DB_USER=${MYSQL_USER:-hyungi_user}
+      - DB_PASSWORD=${MYSQL_PASSWORD}
+      - DB_NAME=${MYSQL_DATABASE:-hyungi}
       - SECRET_KEY=${SSO_JWT_SECRET}
       - ALGORITHM=HS256
       - ACCESS_TOKEN_EXPIRE_MINUTES=10080
       - ADMIN_USERNAME=${SYSTEM3_ADMIN_USERNAME:-hyungi}
-      - ADMIN_PASSWORD=${SYSTEM3_ADMIN_PASSWORD:-123456}
       - TZ=Asia/Seoul
+      - TKUSER_API_URL=http://tkuser-api:3000
     volumes:
       - system3_uploads:/app/uploads
     depends_on:
-      postgres:
+      mariadb:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
-          cpus: "0.5"
     networks:
       - tk-network
 
@@ -302,13 +256,52 @@ services:
     restart: unless-stopped
     ports:
       - "30280:80"
+    volumes:
+      - system3_uploads:/usr/share/nginx/html/uploads
     depends_on:
       - system3-api
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: "0.25"
+    networks:
+      - tk-network
+
+  # =================================================================
+  # User Management (tkuser)
+  # =================================================================
+
+  tkuser-api:
+    build:
+      context: ./user-management/api
+      dockerfile: Dockerfile
+    container_name: tk-tkuser-api
+    restart: unless-stopped
+    ports:
+      - "30300:3000"
+    environment:
+      - NODE_ENV=production
+      - PORT=3000
+      - DB_HOST=mariadb
+      - DB_PORT=3306
+      - DB_USER=${MYSQL_USER:-hyungi_user}
+      - DB_PASSWORD=${MYSQL_PASSWORD}
+      - DB_NAME=${MYSQL_DATABASE:-hyungi}
+      - SSO_JWT_SECRET=${SSO_JWT_SECRET}
+    volumes:
+      - system1_uploads:/usr/src/app/uploads
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    networks:
+      - tk-network
+
+  tkuser-web:
+    build:
+      context: ./user-management/web
+      dockerfile: Dockerfile
+    container_name: tk-tkuser-web
+    restart: unless-stopped
+    ports:
+      - "30380:80"
+    depends_on:
+      - tkuser-api
     networks:
       - tk-network
 
@@ -329,11 +322,6 @@ services:
       - system1-web
       - system2-web
       - system3-web
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -355,11 +343,6 @@ services:
     depends_on:
       mariadb:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: "0.25"
     networks:
       - tk-network
 
@@ -378,23 +361,25 @@ services:
       - gateway
       - system2-web
       - system3-web
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: "0.25"
     networks:
       - tk-network
 
 volumes:
   mariadb_data:
+    external: true
+    name: tkfb-package_db_data
   postgres_data:
+    external: true
+    name: tkqc-package_postgres_data
   system1_uploads:
+    external: true
+    name: tkfb_api_uploads
   system1_logs:
   system2_uploads:
   system2_logs:
   system3_uploads:
-
+    external: true
+    name: tkqc-package_uploads
 networks:
   tk-network:
     driver: bridge