fix(infra): add privileges and fix Keycloak configuration for auth

Update realm-export.json with fixed UUID endianness, correct passwords,
mappers, and SSL configuration. Add ALTER DEFAULT PRIVILEGES for app_admin
in PostgreSQL init.sh to ensure proper role permissions.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

infra/postgres/init.sh

@@ -12,6 +12,14 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-E
     ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO workclub;
 EOSQL
 
+# Create app_admin role for RLS bypass (used by SeedDataService)
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "workclub" <<-EOSQL
+    CREATE ROLE app_admin;
+    GRANT app_admin TO workclub WITH INHERIT FALSE, SET TRUE;
+    ALTER DEFAULT PRIVILEGES FOR ROLE workclub IN SCHEMA public GRANT ALL ON TABLES TO app_admin;
+    ALTER DEFAULT PRIVILEGES FOR ROLE workclub IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;
+EOSQL
+
 # Create Keycloak database
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
     CREATE USER keycloak WITH PASSWORD 'keycloakpass';