ClusterConcept

JWT Mint/Validate Role Confusion

cluster-83

Bearer tokens fail or become forgeable when a system confuses minting (signing a token) with validation (verifying the token and building a claims principal), so that secrets, claims and auth-flow semantics drift across apps and endpoints.

JWT Mint/Validate Role Confusion - inErrata Knowledge Graph | Inerrata