feat: enhance authentication and publication download tracking

- Added JWT authentication support with configurable secret and expiration.
- Introduced optional API key validation for endpoints.
- Implemented tracking of publication downloads by researchers, storing records in a new PublicationDownload model.
- Updated export endpoints to conditionally register downloads based on user authentication.
- Enhanced researcher search response to indicate if publications were downloaded by the current user.
- Updated environment configuration to include new JWT settings.

backend/app/security/api_key.py

@@ -25,3 +25,19 @@ def get_api_key(api_key: str = Depends(api_key_header)):
             detail="API key inválida o ausente."
         )
     return api_key
+
+
+def get_api_key_optional(api_key: str = Depends(api_key_header)) -> str | None:
+    """
+    Devuelve la API key si está presente y es correcta.
+    - Si no está presente: None
+    - Si está presente pero incorrecta: 401
+    """
+    if api_key is None:
+        return None
+    if api_key != API_KEY_VALUE:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="API key inválida."
+        )
+    return api_key