🐛 Bug-fix PR

Closes #1254

📌 Summary

This PR fixes a bug where the jti (JWT ID) value in the generated JWT token does not match the jti stored in the email_api_tokens database table. This mismatch will cause issues with token validation, revocation, and audit logging.
The fix ensures that a single jti is generated and reused both for token creation and database insertion, maintaining consistency and referential integrity.

🔁 Reproduction Steps

1. Generate a new token via the UI or API.
2. Decode the generated token using the appropriate secret key and note the jti value in the payload.
3. Query the email_api_tokens table in the database and locate the entry corresponding to the generated token.
4. Compare the jti value from the decoded token with the one stored in the database, observe that they do not match.

🐞 Root Cause

The jti - JWT ID was being generated inside the _generate_token function and included in the token payload, but this same ID was not used when inserting the token record into the database. Instead, the database assigned a separate, random jti value to the record. As a result, the token and its corresponding database entry ended up with different jti values, breaking token validation and tracking mechanisms.
To fix this, the jti must be generated before both token creation and database insertion, ensuring the same ID is consistently used in both places.

💡 Fix Description

Refactored the token creation logic to generate the jti before both token generation and database insertion.
The same jti is now explicitly passed to both the _generate_token function and the database record creation, ensuring consistency.

🧪 Verification

📐 MCP Compliance (if relevant)

• Matches current MCP spec
• No breaking change to MCP clients

✅ Checklist

• Code formatted (make black isort pre-commit)
• No secrets/credentials committed