fix(security): address validation review comments - mutex safety and issuer normalization

Agent-Logs-Url: https://github.com/bitechdev/ResolveSpec/sessions/e886b781-c910-425f-aa6f-06d13c46dcc7

Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>

pkg/security/database_schema.sql

@@ -1545,6 +1545,8 @@ BEGIN
         'username',   u.username,
         'email',      u.email,
         'user_level', u.user_level,
+        -- NULLIF converts empty string to NULL; string_to_array(NULL) returns NULL;
+        -- to_jsonb(NULL) returns NULL; COALESCE then returns '[]' for NULL/empty roles.
         'roles',      COALESCE(to_jsonb(string_to_array(NULLIF(u.roles, ''), ',')), '[]'::jsonb),
         'exp',        EXTRACT(EPOCH FROM s.expires_at)::bigint,
         'iat',        EXTRACT(EPOCH FROM s.created_at)::bigint