feat(gateway): add MQTTS support with TLS and authentication

- Add TLS support via mqtt.Client.tls_set()
- Add username/password authentication
- Password loaded from MQTT_PASSWORD environment variable
- Username and TLS flag read from config.json

Assisted-by: Claude:claude-sonnet-4-6 — guidance on paho-mqtt TLS API
and environment variable pattern for secret management

gateway/gateway.py

@@ -39,6 +39,20 @@ class Gateway:
         self.mqttc = mqtt.Client(
             callback_api_version=mqtt.CallbackAPIVersion.VERSION2
         )
+
+        # Authentication — username from config, password from environment variable
+        username = config["mqtt"].get("username")
+        password = os.environ.get("MQTT_PASSWORD")
+        if username:
+            self.mqttc.username_pw_set(username, password)
+            log.info(f"MQTT authentication configured for user: {username}")
+
+        # TLS — enabled if specified in config
+        # Required for MQTTS connections (port 8883)
+        if config["mqtt"].get("tls", False):
+            self.mqttc.tls_set()
+            log.info("TLS enabled")
+
         self.mqttc.connect(self.mqtt_broker, self.mqtt_port)
         self.mqttc.loop_start()
         log.info("MQTT client connected")