Fix: Admin club management 500 error - JWT clubs claim format

- Fix clubs attribute in Keycloak to contain only UUIDs (removed role names)

- Add defensive error handling in ClubService.GetMyClubsAsync()

- Add logging for debugging club retrieval issues

- Return empty list instead of 500 error on failures

Fixes: Admin users can now manage clubs without contact admin error

infra/keycloak/realm-export.json

@@ -82,18 +82,18 @@
       "standardFlowEnabled": true,
       "implicitFlowEnabled": false,
       "directAccessGrantsEnabled": true,
-"serviceAccountsEnabled": false,
-    "authorizationServicesEnabled": false,
-    "protocol": "openid-connect",
-    "redirectUris": [
-      "http://localhost:30080/*"
-    ],
-    "webOrigins": [
-      "http://localhost:30080"
-    ],
-    "attributes": {
-      "pkce.code.challenge.method": "S256",
-      "post.logout.redirect.uris": "http://localhost:30080/*",
+      "serviceAccountsEnabled": false,
+      "authorizationServicesEnabled": false,
+      "protocol": "openid-connect",
+      "redirectUris": [
+        "http://localhost:30080/*"
+      ],
+      "webOrigins": [
+        "http://localhost:30080"
+      ],
+      "attributes": {
+        "pkce.code.challenge.method": "S256",
+        "post.logout.redirect.uris": "http://localhost:30080/*",
         "access.token.lifespan": "3600"
       },
       "protocolMappers": [
@@ -162,7 +162,9 @@
       "firstName": "Admin",
       "lastName": "User",
       "attributes": {
-        "clubs": []
+        "clubs": [
+          "64e05b5e-ef45-81d7-f2e8-3d14bd197383,3b4afcfa-1352-8fc7-b497-8ab52a0d5fda"
+        ]
       },
       "credentials": [
         {
@@ -337,4 +339,4 @@
   "dockerAuthenticationFlow": "docker auth",
   "attributes": {},
   "keycloakVersion": "26.0.0"
-}
+}