Fix OIDC login immediate logout — rename JWT subject prefix ui: → user:
All checks were successful
CI / build (push) Successful in 1m12s
CI / docker (push) Successful in 41s
CI / deploy (push) Successful in 30s

OIDC tokens had subject "oidc:<sub>" which didn't match the "ui:" prefix
check in JwtAuthenticationFilter, causing every post-login API call to
return 401 and trigger automatic logout. Renamed the prefix from "ui:"
to "user:" across all auth code for clarity (it covers both browser and
API clients, not just UI).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-03-14 15:55:10 +01:00
parent 465f210aee
commit 6676e209c7
6 changed files with 16 additions and 16 deletions
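The failure described in the commit message is a subject-namespace check that knows about one prefix while the token issuer uses another. The class below is an added example, not code from this commit or from the project's JwtAuthenticationFilter (whose actual logic is not shown on this page): it reconstructs the narrow check as `classifyBefore`, and beside it a fail-closed classifier that enumerates every namespace the service is assumed to issue and rejects any other prefixed subject instead of letting it fall through. The `oidc:` form, the colon-free agent IDs, and all class, record and method names are assumptions for illustration.

```java
import java.util.Map;
import java.util.Optional;

/**
 * Added example, not project code: classify a validated JWT {@code sub}
 * claim into a principal kind. Assumptions (not from the page): agent IDs
 * contain no ':'; OIDC subjects are issued as "oidc:<sub>" as the commit
 * message describes; names here are hypothetical.
 */
public final class SubjectCheck {

    public enum Kind { AGENT, LOCAL_USER, OIDC_USER }

    public record Principal(Kind kind, String id) {}

    /** Every namespace the issuer is assumed to put in {@code sub}, keyed by prefix. */
    private static final Map<String, Kind> PREFIXES = Map.of(
            "user:", Kind.LOCAL_USER,
            "oidc:", Kind.OIDC_USER);

    /**
     * Reconstruction of the failure mode in the commit message: only the
     * "ui:" prefix counted as a user, so an "oidc:<sub>" subject matched
     * nothing and the request was treated as unauthenticated (401).
     */
    public static Optional<Principal> classifyBefore(String sub) {
        if (sub != null && sub.startsWith("ui:")) {
            return Optional.of(new Principal(Kind.LOCAL_USER, sub.substring("ui:".length())));
        }
        return Optional.empty();
    }

    /**
     * Fail-closed classifier: a subject with a listed prefix maps to that kind,
     * a subject with any other ':' namespace is rejected (never silently
     * promoted to an agent), and only a colon-free subject is an agent ID.
     */
    public static Optional<Principal> classify(String sub) {
        if (sub == null || sub.isBlank()) {
            return Optional.empty();
        }
        for (Map.Entry<String, Kind> e : PREFIXES.entrySet()) {
            String prefix = e.getKey();
            if (sub.startsWith(prefix)) {
                String id = sub.substring(prefix.length());
                return id.isEmpty() ? Optional.empty()
                                    : Optional.of(new Principal(e.getValue(), id));
            }
        }
        if (sub.indexOf(':') >= 0) {
            return Optional.empty(); // unknown namespace: deny, do not guess
        }
        return Optional.of(new Principal(Kind.AGENT, sub));
    }

    public static void main(String[] args) {
        // Constructed sample subjects: local user, OIDC user, agent, unknown prefix, empty id.
        String[] samples = {"user:alice", "oidc:1234567890", "agent-42", "svc:x", "user:"};
        for (String sub : samples) {
            System.out.printf("%-18s before=%-40s after=%s%n", sub,
                    classifyBefore(sub).map(Object::toString).orElse("401"),
                    classify(sub).map(Object::toString).orElse("401"));
        }
    }
}
```

Running `main` shows `oidc:1234567890` rejected by the old check and accepted by the new one, while `svc:x` and `user:` are rejected by both. The design point is that every namespace the issuer can emit appears in one table that the filter reads, so adding a login method means adding a row rather than another `startsWith` somewhere in the filter.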


@@ -14,7 +14,7 @@ public interface JwtService {
/**
* Validated JWT payload.
*
* @param subject the {@code sub} claim (agent ID or {@code ui:<username>})
* @param subject the {@code sub} claim (agent ID or {@code user:<username>})
* @param group the {@code group} claim
* @param roles the {@code roles} claim (e.g. {@code ["AGENT"]}, {@code ["ADMIN"]})
*/
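Review bot: the updated `@param subject` still lists only two subject forms (agent ID or `user:<username>`), while the commit message says OIDC logins carry an `oidc:<sub>` subject; whichever form OIDC tokens now take, document it in this Javadoc so the next prefix check in the filter is written against the full set, e.g. `the {@code sub} claim (agent ID, {@code user:<username>}, or the OIDC subject form)`.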


@@ -6,7 +6,7 @@ import java.util.List;
/**
* Represents a persisted user in the system.
*
* @param userId unique identifier (e.g. OIDC {@code sub} or {@code ui:<username>})
* @param userId unique identifier (e.g. OIDC {@code sub} or {@code user:<username>})
* @param provider authentication provider ({@code "local"}, {@code "oidc:<issuer-host>"})
* @param email user email (may be empty)
* @param displayName display name (may be empty)
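Review bot: `userId` mixes a bare OIDC `sub` with a prefixed `user:<username>`, so the namespace is only unambiguous as long as no identity provider ever issues a `sub` that begins with `user:`; since `provider` is a separate field (`"local"` vs `"oidc:<issuer-host>"`), either state that constraint in this Javadoc or key identity on the pair (provider, userId) so a crafted or coincidental OIDC `sub` cannot map onto a local account.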