Fix OIDC login immediate logout — rename JWT subject prefix ui: → user:

OIDC tokens had subject "oidc:<sub>" which didn't match the "ui:" prefix
check in JwtAuthenticationFilter, causing every post-login API call to
return 401 and trigger automatic logout. Renamed the prefix from "ui:"
to "user:" across all auth code for clarity (it covers both browser and
API clients, not just UI).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/JwtServiceTest.java

@@ -75,10 +75,10 @@ class JwtServiceTest {
     @Test
     void accessToken_rolesRoundTrip() {
         List<String> roles = List.of("ADMIN", "OPERATOR");
-        String token = jwtService.createAccessToken("ui:admin", "ui", roles);
+        String token = jwtService.createAccessToken("user:admin", "user", roles);
         JwtService.JwtValidationResult result = jwtService.validateAccessToken(token);
-        assertEquals("ui:admin", result.subject());
-        assertEquals("ui", result.group());
+        assertEquals("user:admin", result.subject());
+        assertEquals("user", result.group());
         assertEquals(roles, result.roles());
     }