Is your feature request related to a problem? Please describe.

OidcTokenParser only extracts username and roles from the JWT. The groups and namespaces claims are ignored, so GroupBasedPolicy and NamespaceBasedPolicy never match for OIDC-authenticated users.

Describe the solution you'd like

Extract groups and namespaces claims from the decoded JWT in OidcTokenParser.user_details_from_access_token() and pass them to the User object. Default to empty list if the claims are absent.

Describe alternatives you've considered

None — the User model, policy classes, and enforcer already support groups and namespaces. Only the OIDC parser is missing the extraction.

Additional context

Affected file: sdk/python/feast/permissions/auth/oidc_token_parser.py