feat: track authorized (authenticated + successful) requests

Add 'authorized' status for requests that complete successfully after
authentication. This complements the existing 'unauthenticated' (pre-auth)
status tracking.

Now the dashboard shows:
- Authorized: Authenticated requests that succeeded
- Unauthorized: Authenticated requests rejected (not in allowlist)
- Pre-Auth: Requests sent before authentication

This gives full visibility into the auth flow:
1. Challenges: How many clients authenticated
2. Authorized: How many authenticated requests succeeded
3. Unauthorized: How many were rejected despite valid auth
4. Pre-Auth: How many tried before authenticating

Updated metrics:
- requests_total{status="authorized"} - authenticated successes
- requests_total{status="ok"} - unauthenticated successes (when no auth)

1 files changed, 7 insertions, 0 deletions

diff --git a/internal/handler/websocket/handler_test.go b/internal/handler/websocket/handler_test.go
index 10405b2..604a190 100644
--- a/internal/handler/websocket/handler_test.go
+++ b/internal/handler/websocket/handler_test.go
@@ -305,6 +305,13 @@ func TestAuthRequired(t *testing.T) {
                 t.Errorf("Expected OK true after auth, got false: %v", msg3[3])
         }
         t.Logf("Publish succeeded after auth")
+
+        // Verify authorized requests are tracked in metrics
+        authorizedCount := ts.metrics.getRequestCount("EVENT", "authorized")
+        if authorizedCount == 0 {
+                t.Errorf("Expected authorized requests to be tracked in metrics, got 0")
+        }
+        t.Logf("Metrics: %d authorized requests tracked", authorizedCount)
 }
 
 // TestAuthNotInAllowlist verifies that pubkeys not in allowlist are rejected