fix: Add admin role fields to JWT strategy for AdminGuard authorization

The AdminGuard was rejecting requests with 403 Forbidden because the JWT
strategy was only returning userId, email, and deviceId but not the admin
authorization fields (isAdmin, globalRole, adminPermissions).

Updated jwt.strategy.ts to include:
- isAdmin: boolean flag for admin access
- globalRole: user's global role (parent/guest/admin)
- adminPermissions: array of specific admin permissions
- id: added for compatibility alongside userId

This allows the AdminGuard to properly verify admin privileges when
accessing /api/v1/admin/* endpoints.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

maternal-app/maternal-app-backend/src/modules/auth/strategies/jwt.strategy.ts

@@ -32,8 +32,12 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
 
     return {
       userId: payload.sub,
+      id: payload.sub, // Add id for compatibility
       email: payload.email,
       deviceId: payload.deviceId,
+      isAdmin: user.isAdmin,
+      globalRole: user.globalRole,
+      adminPermissions: user.adminPermissions,
     };
   }
 }