Add REST and GraphQL schema for login session management

[HyeockJinKim]

Define the API surface for login session management. Implementation returns NotImplementedError until integration story is completed.

Scope

• REST endpoints (return NotImplementedError): GET /user/login-sessions, DELETE /user/login-sessions/{id}, PATCH /admin/users/{id} with login_security_policy field
• GraphQL schema: LoginSession type, LoginSecurityPolicy input/output types
• GraphQL mutations (return NotImplementedError): updateUserLoginSecurityPolicy, revokeLoginSession
• GraphQL queries: myLoginSessions
• Request/response schema validation (Pydantic models for REST, strawberry types for GQL)

Notes

• No dependency on Story 1 — API layer can be built independently
• Parallel workable with Story 1

JIRA Issue: BA-4906