Fix RLS permission issue in integration tests

- Add BYPASSRLS privilege to app_admin role
- Grant full schema and table access to app_admin
- Allow rls_test_user to assume app_admin role
- Fixes: permission denied for table clubs (42501)

backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs

@@ -62,15 +62,30 @@ public class CustomWebApplicationFactory<TProgram> : WebApplicationFactory<TProg
     using var cmd = conn.CreateCommand();
     cmd.CommandText = @"
       DO $$ BEGIN
+      -- Create test user for RLS
       IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN
         CREATE USER rls_test_user WITH PASSWORD 'rlspass';
+      END IF;
+      
+      -- Grant basic permissions to test user
       GRANT CONNECT ON DATABASE workclub_test TO rls_test_user;
+      GRANT USAGE ON SCHEMA public TO rls_test_user;
       GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user;
       GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user;
-                END IF;
+      
+      -- Create app_admin role for bypassing RLS
       IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
-                    CREATE ROLE app_admin;
+        CREATE ROLE app_admin WITH BYPASSRLS;
       END IF;
+      
+      -- Grant app_admin full access to tables
+      GRANT CONNECT ON DATABASE workclub_test TO app_admin;
+      GRANT USAGE ON SCHEMA public TO app_admin;
+      GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
+      GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
+      
+      -- Allow rls_test_user to assume app_admin role
+      GRANT app_admin TO rls_test_user;
       END $$;
     ";
     cmd.ExecuteNonQuery();