test(api): add full API test suite with get_keycloak_client async fix

Add 45 API tests covering all 12 post endpoints (CRUD, publish/unpublish) with RBAC policy coverage across guest, user, admin roles.

Fix get_keycloak_client() in deps.py to be async - Dishka's async container requires await on get(), without it a coroutine object was returned instead of the actual client.

app/presentation/api/deps.py

@@ -32,7 +32,7 @@ PublishPostDep = FromDishka[PublishPostUseCase]
 security = HTTPBearer(auto_error=False)
 
 
-def get_keycloak_client(request: Request) -> KeycloakAuthClient:
+async def get_keycloak_client(request: Request) -> KeycloakAuthClient:
     """Get Keycloak client from DI container via request state.
 
     Args:
@@ -41,7 +41,7 @@ def get_keycloak_client(request: Request) -> KeycloakAuthClient:
     Returns:
         KeycloakAuthClient instance from container.
     """
-    client: KeycloakAuthClient = request.state.dishka_container.get(KeycloakAuthClient)
+    client: KeycloakAuthClient = await request.state.dishka_container.get(KeycloakAuthClient)
     return client
 
 
@@ -64,7 +64,7 @@ async def get_current_token_info(
     if not credentials:
         raise UnauthorizedException("Authentication required")
 
-    keycloak_client = get_keycloak_client(request)
+    keycloak_client = await get_keycloak_client(request)
     token = credentials.credentials
     token_info = await keycloak_client.introspect_token(token)
 
@@ -110,7 +110,7 @@ async def get_optional_token_info(
     if not credentials:
         return None
 
-    keycloak_client = get_keycloak_client(request)
+    keycloak_client = await get_keycloak_client(request)
     token = credentials.credentials
     token_info = await keycloak_client.introspect_token(token)