fix: use correct role-based JWT tokens in all integration tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java

@@ -27,11 +27,39 @@ public class TestSecurityHelper {
     }
 
     /**
-     * Registers a test agent and returns a valid JWT access token for it.
+     * Registers a test agent and returns a valid JWT access token with AGENT role.
      */
     public String registerTestAgent(String agentId) {
         agentRegistryService.register(agentId, "test", "test-group", "1.0", List.of(), Map.of());
-        return jwtService.createAccessToken(agentId, "test-group");
+        return jwtService.createAccessToken(agentId, "test-group", List.of("AGENT"));
+    }
+
+    /**
+     * Returns a valid JWT access token with the given roles (no agent registration).
+     */
+    public String createToken(String subject, String group, List<String> roles) {
+        return jwtService.createAccessToken(subject, group, roles);
+    }
+
+    /**
+     * Returns a valid JWT access token with OPERATOR role.
+     */
+    public String operatorToken() {
+        return jwtService.createAccessToken("test-operator", "user", List.of("OPERATOR"));
+    }
+
+    /**
+     * Returns a valid JWT access token with ADMIN role.
+     */
+    public String adminToken() {
+        return jwtService.createAccessToken("test-admin", "user", List.of("ADMIN"));
+    }
+
+    /**
+     * Returns a valid JWT access token with VIEWER role.
+     */
+    public String viewerToken() {
+        return jwtService.createAccessToken("test-viewer", "user", List.of("VIEWER"));
     }
 
     /**