feat(auth): consolidate and secure V3 authentication flow

- Re-apply safe guest auth and passcode-to-JWT endpoint
- Consolidate AccountContext with token_payload and role flags
- Restore documentation for new guest flows and public read whitelists
- Fix 403 error in get_obj_li by allowing optional account context
Scott Idem
2026-01-20 18:42:43 -05:00
parent d4e46a4a97
commit 43ac62b561
5 changed files with 392 additions and 28 deletions


@@ -20,7 +20,7 @@ def sign_jwt(
user_id: str = None,
json_str: str = None,
b64_str: str = None,
**kwargs # Allow arbitrary claims (e.g. administrator, manager, super)
**kwargs # Allow arbitrary claims
) -> str:
log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
log.debug(locals())
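Review bot: The shortened comment on `**kwargs` in the `sign_jwt` signature drops the only hint that these extra claims carry role flags (the old text named administrator, manager, super), and nothing here says where the values may come from. The next hunk shows `payload.update(kwargs)` running after the base payload is built, so every keyword a caller passes ends up in the signed token, and any base key that is not also a parameter name would be overwritten (the full payload is not visible here). I would keep the intent explicit, e.g. `**kwargs  # extra claims, signed as-is: pass only server-derived values, never request fields`, and consider rejecting reserved claim names before the merge. The function body starts and continues outside this hunk.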
@@ -45,7 +45,7 @@ def sign_jwt(
'b64_str': b64_str,
}
# Merge any additional claims provided via kwargs
# Merge additional claims
if kwargs:
payload.update(kwargs)