fix(server): reject queries from users with no enabled namespaces
Summary
Return a SecurityError when a non-admin user has empty group_traversal_ids instead of silently injecting WHERE false and returning zero rows.
Primary enforcement is on the Rails side (filtering JWT traversal IDs against knowledge_graph_enabled_namespaces via INNER JOIN). This change adds defense-in-depth so GKG itself also rejects the query with a clear error.
Companion
Relates to #256
Edited by Michael Angelo Rivera