test: add E2E authentication flow tests (#1359)

Tests the full identity-to-gateway authentication pipeline:
- Create identity, invite, accept, authenticate, sign JWT, verify
  gateway middleware accepts token and injects claims into context
- Tenant mismatch returns 403 via TenantAuthorizationMiddleware
- Role lifecycle: grant roles and verify they propagate through JWT claims
- Token rejection: expired, wrong key, missing header, malformed
- OIDC subject fallback: EffectiveUserID falls back to JWT subject
- Full pipeline: JWT auth + tenant authorization middleware chain

Co-authored-by: Ben Coombs <bjcoombs@users.noreply.github.com>

Author: bjcoombs