Adds five new claims to the AI Gateway access-token JWT, pulled from the aichatContext the client already sends:

• client_type
• level_id (from currentLevelId)
• script_id
• channel_id
• lesson_id

These claims let the AI Gateway Worker attach curriculum context (level, lesson, script, channel) to Sentry traces, so we can slice telemetry by lesson and correlate a request back to a specific issuance event. The token interface on the worker side already declared channel_id and level_id as required fields, but they were never actually issued — this fixes the mismatch and adds the other three while we're touching the issuer.

Links

• Jira: SL-1749
• Companion PR (ai-gateway): code-dot-org/ai-gateway#37 — reads these claims and attaches them as context.* attributes on the root Sentry span

Testing story

• Manual: requested a token from /ai_gateway/access_token with a real aichatContext, decoded the returned JWT, confirmed all five new claims are populated with the values the client sent.

Note: Lesson_id is in the AIchatContext Type, but it isn't currently passed through. we can add this in a follow-up if useful.

• Verified can_access_aichat_chat_completion? still gates correctly (no behavior change to the access check — only refactored to a local var).