fix(test-app): remove aud claim from JWT to resolve server validation error

Remove the aud (audience) claim from JWT payloads. The server's did-jwt
verification requires an audience option when aud is present, but the server
isn't configured to validate it, causing "JWT audience is required but your
app address has not been configured" errors.

Changes:
- Removed aud claim from JWT payload in generateEndorserJWT()
- Updated key derivation to User Zero's specific path (m/84737769'/0'/0'/0')
- Added public key verification against expected User Zero key
- Enhanced JWT diagnostics logging throughout
- Added alarm deduplication optimization (prevent duplicate alarms for same time)

Verified: JWT validation now passes (token length 360→333 chars, no audience
error). New error is API parameter validation (afterId required - separate issue).

test-apps/daily-notification-test/android/app/src/main/java/com/timesafari/dailynotification/test/TestNativeFetcher.java

@@ -95,8 +95,26 @@ public class TestNativeFetcher implements NativeNotificationContentFetcher {
         this.apiBaseUrl = apiBaseUrl;
         this.activeDid = activeDid;
         this.jwtToken = jwtToken;
-        Log.i(TAG, "TestNativeFetcher: Configured with API: " + apiBaseUrl + 
-                   ", ActiveDID: " + (activeDid != null ? activeDid.substring(0, Math.min(20, activeDid.length())) + "..." : "null"));
+        
+        // Enhanced logging for JWT diagnostic purposes
+        Log.i(TAG, "TestNativeFetcher: Configured with API: " + apiBaseUrl);
+        if (activeDid != null) {
+            Log.i(TAG, "TestNativeFetcher: ActiveDID: " + activeDid.substring(0, Math.min(30, activeDid.length())) + 
+                       (activeDid.length() > 30 ? "..." : ""));
+        } else {
+            Log.w(TAG, "TestNativeFetcher: ActiveDID is NULL");
+        }
+        
+        if (jwtToken != null) {
+            Log.i(TAG, "TestNativeFetcher: JWT token received - Length: " + jwtToken.length() + " chars");
+            // Log first and last 10 chars for verification (not full token for security)
+            String tokenPreview = jwtToken.length() > 20 
+                ? jwtToken.substring(0, 10) + "..." + jwtToken.substring(jwtToken.length() - 10)
+                : jwtToken.substring(0, Math.min(jwtToken.length(), 20)) + "...";
+            Log.d(TAG, "TestNativeFetcher: JWT preview: " + tokenPreview);
+        } else {
+            Log.e(TAG, "TestNativeFetcher: JWT token is NULL - API calls will fail");
+        }
     }
     
     @Override
@@ -141,6 +159,19 @@ public class TestNativeFetcher implements NativeNotificationContentFetcher {
                 connection.setReadTimeout(READ_TIMEOUT_MS);
                 connection.setRequestMethod("POST");
                 connection.setRequestProperty("Content-Type", "application/json");
+                
+                // Diagnostic logging for JWT usage
+                if (jwtToken != null) {
+                    String jwtPreview = jwtToken.length() > 20 
+                        ? jwtToken.substring(0, 10) + "..." + jwtToken.substring(jwtToken.length() - 10)
+                        : jwtToken;
+                    Log.d(TAG, "TestNativeFetcher: Using JWT for API call - Length: " + jwtToken.length() + 
+                               ", Preview: " + jwtPreview + ", ActiveDID: " + 
+                               (activeDid != null ? activeDid.substring(0, Math.min(30, activeDid.length())) + "..." : "null"));
+                } else {
+                    Log.e(TAG, "TestNativeFetcher: JWT token is NULL when making API call!");
+                }
+                
                 connection.setRequestProperty("Authorization", "Bearer " + jwtToken);
                 connection.setDoOutput(true);