
PM-4211: cover Auth0 M2M member token shape#14

Merged
jmgasper merged 1 commit into dev from PM-4211-2 on Apr 7, 2026

Conversation

@jmgasper (Contributor) commented Apr 6, 2026

What was broken
The earlier PM-4211 runtime fix handled M2M project-member writes, but the exact Auth0 client-credentials token shape from QA was still not covered by automated regression. That left POST /v6/projects/{projectId}/members, PATCH /v6/projects/{projectId}/members/{id}, and DELETE /v6/projects/{projectId}/members/{id} vulnerable to future regressions without a failing test.

Root cause (if identifiable)
The existing route e2e coverage mocked a simplified machine user, and JwtService coverage did not assert the non-numeric @Clients subject plus project-member write scope combination from the QA token.

What was changed
Added JwtService coverage for an Auth0 client-credentials subject carrying project-member write scope.
Added guarded project-member POST, PATCH, and DELETE regression coverage for an Auth0-shaped M2M principal whose raw token payload is broader than user.scopes.

Any added/updated tests
Updated src/shared/modules/global/jwt.service.spec.ts.
Updated test/project-member.e2e-spec.ts.
Validation run: pnpm test -- src/shared/modules/global/jwt.service.spec.ts; pnpm test:e2e -- --runInBand test/project-member.e2e-spec.ts; pnpm test -- src/shared/services/permission.service.spec.ts; pnpm test -- src/api/project-member/project-member.service.spec.ts; pnpm lint; pnpm build.
pnpm test still fails in unrelated metadata event-publishing specs on the current dev baseline.
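The PR above describes an Auth0 client-credentials ("M2M") token whose subject is non-numeric and ends in `@clients`, and whose raw payload carries more scope than a trimmed `user.scopes`. The following is an added example, not the project's JwtService or its specs: it models that token shape, builds a principal from the raw payload, and checks the project-member write scope on it. Everything named here is assumed: the scope name `write:project-member`, the `scope`/`scopes`/`userId` claim names, the helper functions, and the constructed tokens (which carry a placeholder signature, since signature verification is assumed to happen upstream before the payload is read).

```typescript
// Added example (not the project's code). Assumed placeholders: the scope name
// "write:project-member" and the `scope` / `scopes` / `userId` claim names.
// Signature verification is assumed to have happened upstream; this only reads
// an already-verified token's payload.

type Claims = {
  sub: string;
  scope?: string;     // Auth0 style: space-separated string
  scopes?: string[];  // array form some issuers use
  userId?: string | number;
  [claim: string]: unknown;
};

type Principal = {
  isMachine: boolean;
  userId: number | null;
  scopes: string[];   // taken from the raw token, not from a trimmed user.scopes
};

const PROJECT_MEMBER_WRITE_SCOPE = "write:project-member"; // placeholder name
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// UTF-8 helpers that avoid Buffer/TextEncoder so the file runs under any TS setup.
function utf8Bytes(text: string): number[] {
  const escaped = encodeURIComponent(text);
  const bytes: number[] = [];
  for (let i = 0; i < escaped.length; i++) {
    if (escaped[i] === "%") { bytes.push(parseInt(escaped.slice(i + 1, i + 3), 16)); i += 2; }
    else bytes.push(escaped.charCodeAt(i));
  }
  return bytes;
}

function utf8String(bytes: number[]): string {
  return decodeURIComponent(bytes.map((b) => "%" + ("0" + b.toString(16)).slice(-2)).join(""));
}

function base64UrlEncode(text: string): string {
  const bytes = utf8Bytes(text);
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const b1 = bytes[i + 1];
    const b2 = bytes[i + 2];
    const n = (bytes[i] << 16) | ((b1 === undefined ? 0 : b1) << 8) | (b2 === undefined ? 0 : b2);
    out += B64URL[(n >> 18) & 63] + B64URL[(n >> 12) & 63];
    if (b1 !== undefined) out += B64URL[(n >> 6) & 63];
    if (b2 !== undefined) out += B64URL[n & 63];
  }
  return out;
}

function base64UrlDecode(encoded: string): string {
  const bytes: number[] = [];
  let acc = 0;
  let bits = 0;
  for (let i = 0; i < encoded.length; i++) {
    const v = B64URL.indexOf(encoded[i]);
    if (v < 0) throw new Error("invalid base64url character");
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) { bits -= 8; bytes.push((acc >> bits) & 0xff); }
  }
  return utf8String(bytes);
}

function decodePayload(token: string): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return JSON.parse(base64UrlDecode(parts[1])) as Claims;
}

// Auth0 client-credentials tokens carry a non-numeric subject "<clientId>@clients".
function isMachineSubject(sub: string): boolean {
  return /@clients$/i.test(sub);
}

// Union of the space-separated `scope` claim and any `scopes` array, deduplicated.
function scopesFrom(claims: Claims): string[] {
  const fromString = (claims.scope || "").split(/\s+/).filter((s) => s.length > 0);
  const fromArray: string[] = claims.scopes ? claims.scopes : [];
  const all = fromString.concat(fromArray);
  return all.filter((s, i) => all.indexOf(s) === i);
}

function principalFrom(claims: Claims): Principal {
  const machine = isMachineSubject(claims.sub);
  const rawId = claims.userId !== undefined ? claims.userId : claims.sub;
  const id = machine ? NaN : Number(rawId);
  return { isMachine: machine, userId: isFinite(id) ? id : null, scopes: scopesFrom(claims) };
}

function canWriteProjectMember(principal: Principal): boolean {
  return principal.scopes.indexOf(PROJECT_MEMBER_WRITE_SCOPE) !== -1;
}

// Constructed tokens: header.payload.<placeholder signature>, never verified here.
function constructedToken(claims: Claims): string {
  const header = base64UrlEncode(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  return header + "." + base64UrlEncode(JSON.stringify(claims)) + ".sig-placeholder";
}

const M2M_TOKEN = constructedToken({
  iss: "https://issuer.example.invalid/", sub: "AbC123xyz@clients",
  aud: "https://api.example.invalid/", gty: "client-credentials",
  scope: "read:projects write:project-member",
});
const USER_TOKEN = constructedToken({ sub: "12345", userId: 12345, scopes: ["read:projects"] });
```

`principalFrom(decodePayload(M2M_TOKEN))` yields a machine principal with no numeric user id whose scopes come from the raw `scope` claim, so `canWriteProjectMember` passes on the M2M token and fails on the user token that only carries `read:projects`; a spec that asserts exactly this pair is the kind of regression guard the PR adds.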

@jmgasper jmgasper merged commit 141a53a into dev Apr 7, 2026
4 of 5 checks passed