…uite

- New GCS destination plugin for uploading certificates to Google Cloud Storage

- Modular architecture with separate methods for testing and maintainability

- Comprehensive error handling for GCS API exceptions

- Support for certificate variable expansion (CN, OU, O, L, S, C)

- Wildcard certificate handling with automatic asterisk replacement

- Complete test suite with 11 tests covering all plugin functionality

- Added google-cloud-storage dependency to requirements

- Updated CLAUDE.md with enhanced development guidelines

- All code follows PEP 8 standards and passes lint checks

Features:

- Configurable bucket names and object paths

- Certificate and private key upload support

- Robust credential validation using GOOGLE_APPLICATION_CREDENTIALS

- Detailed logging for debugging and monitoring

- Input validation to prevent security issues

Technical Details:

- Refactored upload functionality into 6 testable methods

- Added type hints throughout for better code quality

- Implemented proper Flask app context handling in tests

- Mock-based testing for external GCS dependencies

- Comprehensive docstrings with parameter and exception documentation

The PyJWT library now enforces that the 'sub' claim must be a string,
but Lemur was setting it to an integer user ID, causing token validation
to fail with "Subject must be a string" errors.

This fix:
- Converts user IDs to strings when creating JWT tokens
- Converts the subject back to int when validating tokens for user lookup
- Maintains backward compatibility with existing functionality

Fixes authentication issues where login succeeded but subsequent API
requests returned 403 forbidden errors.