Fix trackInApp* payload mutation and add JWT auth test coverage (#552)

[davidtruong]

Replace delete statements with destructuring to avoid mutating the caller's payload object. The interceptor already overwrites email/userId with the correct values from SDK state, so the delete was both unnecessary and harmful as a side effect. Also adds missing JWT auth test coverage for in-app event endpoints.

https://claude.ai/code/session_016eGrVtXnTGForEz4J3Krrm

JIRA Ticket(s) if any

• MOB-XXXX

Description

Test Steps

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.40%. Comparing base (190a168) to head (b9da81d).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #567      +/-   ##
==========================================
- Coverage   74.45%   74.40%   -0.05%     
==========================================
  Files          57       57              
  Lines        2736     2731       -5     
  Branches      798      798              
==========================================
- Hits         2037     2032       -5     
  Misses        698      698              
  Partials        1        1              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[davidtruong]

Things are fixed