feat(security): implement safe guest auth flow and harden request_jwt

- Patched request_jwt to strip privileged IDs when signing with public keys
- Updated AccountContext and V3 dependencies to preserve JWT payloads for guests
- Whitelisted Archive, Post, Event, and other core objects for public read access
- Added 'default_qry_str' to Event searchable fields
- Added test_e2e_jwt_guest_auth.py for security verification

app/object_definitions/events_general.py

@@ -20,6 +20,7 @@ events_general_obj_li = {
         'tbl_name_update': 'event',
         'base_name': Event_Base,
         'base_name_alt': Event_Meeting_Flat_Base,
+        'public_read': True,
         'exp_default': [
             'event_id_random',
             'conference', 'type',
@@ -46,7 +47,7 @@ events_general_obj_li = {
             'event_id_random', 'account_id_random', 'event_code', 'conference',
             'type', 'name', 'summary', 'description', 'format', 'timezone',
             'location_text', 'status', 'enable', 'hide', 'priority', 'sort',
-            'group', 'notes', 'created_on', 'updated_on'
+            'group', 'notes', 'created_on', 'updated_on', 'default_qry_str'
         ],
     },
     'event_file': {
@@ -63,6 +64,7 @@ events_general_obj_li = {
         'table_name_alt': 'v_event_file',
         'tbl_name_update': 'event_file',
         'base_name': Event_File_Base,
+        'public_read': True,
         # V3 Search Security:
         'searchable_fields': [
             'event_file_id_random', 'hosted_file_id_random', 'event_id_random',