stages/captcha: add Cap and JSON verification support

[dominic-r]

Add a configurable verification request content type so CAPTCHA providers can use either form-encoded or JSON token verification.

Add Cap as a preset and flow controller, including module-script loading, interactive widget handling, generated API/client types, tests, and docs.

Closes #22314

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	6bf0bd6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/6a19798425dda700084a65d2
😎 Deploy Preview	https://deploy-preview-22373--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	6bf0bd6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/6a197984156a2a00087a6333
😎 Deploy Preview	https://deploy-preview-22373--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	6bf0bd6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/6a197984ea31e700087d8e96
😎 Deploy Preview	https://deploy-preview-22373--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 33.33333% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.86%. Comparing base (9e75f62) to head (6bf0bd6).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/stages/captcha/tests.py	17.64%	14 Missing ⚠️
authentik/stages/captcha/stage.py	33.33%	2 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (9e75f62) and HEAD (6bf0bd6). Click for more details.

HEAD has 30 uploads less than BASE

Flag	BASE (9e75f62)	HEAD (6bf0bd6)
e2e	10	3
conformance	6	1
unit	10	2
unit-migrate	10	0

Additional details and impacted files

@@             Coverage Diff             @@
##             main   #22373       +/-   ##
===========================================
- Coverage   93.30%   52.86%   -40.44%     
===========================================
  Files        1033     1033               
  Lines       60150    60172       +22     
  Branches      400      400               
===========================================
- Hits        56120    31808    -24312     
- Misses       4030    28364    +24334     

Flag	Coverage Δ
conformance	35.78% <20.83%> (-0.78%)	⬇️
e2e	36.31% <20.83%> (-5.46%)	⬇️
integration	32.99% <20.83%> (-0.12%)	⬇️
rust	0.00% <ø> (ø)
unit	49.77% <33.33%> (-42.46%)	⬇️
unit-migrate	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[kensternberg-authentik]

I made comments for improvment; nothing here looks broken, but the documentation could be better and the semantic overload of publicKey where you (sometimes) put a URL is one of those things that can make looking at the raw database or at a blueprint confusing. There is one place where the user could type in a bad URL and I don't see that handled. That shouldn't stop deployment, but it should be addressed.