feat: Add global administrator role support with integration tests for admin-only club endpoints.

backend/WorkClub.Tests.Integration/Infrastructure/TestAuthHandler.cs

@@ -30,9 +30,10 @@ public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions
         var emailClaim = Context.Request.Headers["X-Test-Email"].ToString();
         var userIdClaim = Context.Request.Headers["X-Test-UserId"].ToString();
         var clubRolesJson = Context.Request.Headers["X-Test-ClubRoles"].ToString();
+        var realmAccessClaim = Context.Request.Headers["X-Test-Realm-Access"].ToString();
 
         // If no test auth headers are present, return NoResult (unauthenticated)
-        if (string.IsNullOrEmpty(emailClaim) && string.IsNullOrEmpty(userIdClaim) && string.IsNullOrEmpty(clubsClaim))
+        if (string.IsNullOrEmpty(emailClaim) && string.IsNullOrEmpty(userIdClaim) && string.IsNullOrEmpty(clubsClaim) && string.IsNullOrEmpty(realmAccessClaim))
         {
             return Task.FromResult(AuthenticateResult.NoResult());
         }
@@ -46,6 +47,11 @@ public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions
             new Claim(ClaimTypes.Email, resolvedEmail),
             new Claim("preferred_username", resolvedEmail),
         };
+        
+        if (!string.IsNullOrEmpty(realmAccessClaim))
+        {
+            claims.Add(new Claim("realm_access", realmAccessClaim, ClaimValueTypes.String));
+        }
 
         if (!string.IsNullOrEmpty(clubsClaim))
         {