Add username fallback for API key resolution when JWT token expires

When the JWT token is expired or missing, endpoints could not resolve
user API keys and fell back to environment variables (which are unset).
Added resolve_user() helper that falls back to DB lookup by username
query param, and added ?user= to all frontend API calls as a belt-and-
suspenders approach alongside auth tokens.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

0 files changed, 0 insertions, 0 deletions