chore: remove debug logging from OidcTokenExchanger

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/OidcTokenExchanger.java

@@ -124,25 +124,18 @@ public class OidcTokenExchanger {
         // Try roles from access_token first (JWT providers like Logto, Keycloak),
         // then fall back to id_token
         List<String> roles = Collections.emptyList();
-        log.info("OIDC access_token: isJwt={}, length={}, prefix='{}'",
-                accessTokenStr != null && accessTokenStr.contains("."),
-                accessTokenStr != null ? accessTokenStr.length() : 0,
-                accessTokenStr != null ? accessTokenStr.substring(0, Math.min(30, accessTokenStr.length())) : "null");
         if (accessTokenStr != null && accessTokenStr.contains(".")) {
             try {
                 String audience = config.audience() != null ? config.audience() : "";
                 JWTClaimsSet atClaims = decodeAccessToken(accessTokenStr, config.issuerUri(), audience);
                 if (atClaims != null) {
-                    log.info("OIDC access_token claims: {}", atClaims.getClaims().keySet());
                     roles = extractRoles(atClaims, config.rolesClaim());
                     if (!roles.isEmpty()) {
                         log.info("OIDC roles from access_token: {}", roles);
                     }
-                } else {
-                    log.info("OIDC access_token audience mismatch (expected='{}')", audience);
                 }
             } catch (Exception e) {
-                log.warn("Could not decode access_token as JWT: {}", e.getMessage());
+                log.debug("Could not decode access_token as JWT: {}", e.getMessage());
             }
         }
         if (roles.isEmpty()) {