Breaking change: Update clients to always include JWT

JWTMiddleware now enforces token presence on every request. validate=False no longer permits requests without a token. This improves baseline security and reduces the risk of accidental unauthenticated access.

Details

Action: propagate JWTs across all clients and internal services
Validate non-verified paths still include tokens and pass as expected
Monitor auth metrics to verify parity post‑migration

Who this is for: Operators and integration teams managing authentication across services and environments.