fix(auth): never panic on malformed JWT claims; sync README (!27) · Merge requests · SDKs / Auth

Dmitry Popov requested to merge develop into main Jun 11, 2026

GetUser: replace unchecked type assertions on JWT claims with safe access (claimString helper); custom:user non-object -> error, short anonymized_at no longer panics on slice. Untrusted token can no longer crash the caller (DoS).
tests: TestGetUser_MalformedClaims_DoNotPanic (wrong-typed claims, non-map user).
README: fix anonymized error string match, complete role map (CUSTOMERS, FL_MARKETING_MANAGERS, legacy EMPLOYEES.*), add FL Marketing role, role.go->roles.go, drop non-existent @v1.0.0 example.

fix(auth): never panic on malformed JWT claims; sync README