fix(security) : exclude ROLE_USER for ROLE_CLIENT users

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/Entity/User.php

@@ -96,7 +96,10 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     public function getRoles(): array
     {
         $roles = $this->roles;
+
+        if (!in_array('ROLE_CLIENT', $roles, true)) {
             $roles[] = 'ROLE_USER';
+        }
 
         return array_values(array_unique($roles));
     }