refactor: go fix ./... — modernize to Go 1.25 idioms

[rsharath]

Summary

Mechanical output of go fix ./... on both the root module and pkg/authjwt. Five categories of pure-form modernization to Go 1.21–1.25 idioms. No API or semantic changes. Net code reduction: 11 files, +41/−71.

What changed

Pattern	Before → After	Sites
interface{} → any (Go 1.18+)	type-alias modernization	internal/service/{audit,authcode}.go, pkg/authjwt/{claims,verifier_test}.go
for i := 0; i < N; i++ → for range N (Go 1.22+)	integer-range loops	tests/integration/{attestation_oidc,deactivation,identity,refresh_token_race}_test.go
manual loop → slices.Contains (Go 1.21+)	adds "slices" import in 3 files	internal/service/credential_policy.go::containsString, internal/service/oauth.go (3 sites: client_credentials / authorization_code / refresh_token grant-allowlist checks), pkg/authjwt/claims.go::HasScope
if x < 0 { x = 0 } → max(x, 0) (Go 1.21+ builtins)	offset clamp	internal/handler/identity.go::listIdentitiesOp
wg.Add(1) + go func() { defer wg.Done(); ... }() → wg.Go(func() { ... }) (Go 1.25)	new WaitGroup.Go method	tests/integration/refresh_token_race_test.go::TestRefreshTokenConcurrentRotation

The slices.Contains swaps add "slices" to imports in three files — no other import changes.

Test plan

• go vet ./... — clean (root + pkg/authjwt)
• go test ./... -count=1 -timeout=180s — green, ~9.8s
• No semantic changes — pure mechanical output of go fix

Scope and ordering

• Independent of build(deps): upgrade lestrrat-go/jwx v2 → v4 + Go 1.26 #114 and build(deps): bump pgdriver, mapstructure, testcontainers + currency refresh #115. Either order can merge; the only file overlap with build(deps): upgrade lestrrat-go/jwx v2 → v4 + Go 1.26 #114 (jwx v2 → v4) is pkg/authjwt/claims.go. Both edits are mechanical (go fix here changes interface{} → any + slices.Contains; build(deps): upgrade lestrrat-go/jwx v2 → v4 + Go 1.26 #114 changes the v4 token accessors). Whichever lands second needs a small rebase.
• Mergeable on Go 1.25.8 (the current GO_VER). The wg.Go change requires Go 1.25 which the repo's already on.

Why this is worth doing

• Removes language-version-tax noise from future diffs (every interface{} you see in a future PR review will now be there because someone wrote it post-fix, not because it predates the alias).
• slices.Contains is more grep-able than ad-hoc loops and harder to get subtly wrong.
• wg.Go removes the Add(1) / defer Done() pairing footgun in concurrent test code.
• for range N matches what the project already uses for newer code; consistency.

[gemini-code-assist]

Code Review

This pull request modernizes the codebase by adopting Go 1.21+ features, such as the max built-in, the slices package for collection checks, and the any alias for interface{}. It also simplifies integer-based loops using the range keyword. However, a critical compilation error was introduced in the integration tests by attempting to use a non-existent Go method on sync.WaitGroup. Additionally, the containsString helper function should be removed as it is now a redundant wrapper around slices.Contains.