privacy/security: add PM privacy levels and improve session visibility

app/auth/service.py

@@ -244,6 +244,20 @@ def get_request_metadata(request: Request) -> tuple[str | None, str | None]:
     return ip_address, user_agent
 
 
+def get_access_session_info(token: str) -> tuple[str, datetime] | None:
+    try:
+        payload = decode_token(token)
+    except ValueError:
+        return None
+    if payload.get("type") != "access":
+        return None
+    jti = payload.get("jti")
+    if not isinstance(jti, str) or not jti:
+        return None
+    issued_at = _token_issued_at(payload) or datetime.now(timezone.utc)
+    return jti, issued_at
+
+
 async def setup_twofa(db: AsyncSession, user: User) -> tuple[str, str]:
     if user.twofa_enabled and user.twofa_secret:
         secret = user.twofa_secret