feat: support time_zone for user registration context

gateway/openapi.yaml

@@ -192,8 +192,10 @@ paths:
       description: |
         Completes a previously issued `challenge_id`, sends the verification
         `code`, and registers the standard base64-encoded raw 32-byte Ed25519
-        `client_public_key` for the new device session. The response returns
-        the created `device_session_id`.
+        `client_public_key` for the new device session. The caller must also
+        supply the client-selected IANA `time_zone`, which the gateway forwards
+        unchanged to the Auth / Session Service. The response returns the
+        created `device_session_id`.
 
         This route is unauthenticated and classified as `public_auth`.
         Public REST anti-abuse applies a per-IP bucket derived from
@@ -221,6 +223,7 @@ paths:
                   challenge_id: challenge-123
                   code: "123456"
                   client_public_key: base64-encoded-raw-ed25519-public-key
+                  time_zone: Europe/Kaliningrad
       responses:
         "200":
           description: The device session was created by the Auth / Session Service.
@@ -296,6 +299,7 @@ components:
         - challenge_id
         - code
         - client_public_key
+        - time_zone
       properties:
         challenge_id:
           type: string
@@ -306,6 +310,12 @@ components:
         client_public_key:
           type: string
           description: Standard base64-encoded raw 32-byte Ed25519 public key registered for the new device session.
+        time_zone:
+          type: string
+          description: |
+            Client-selected IANA time zone name forwarded to the Auth /
+            Session Service as registration context for first-time user
+            creation.
     ConfirmEmailCodeResponse:
       type: object
       additionalProperties: false