Change config JWT duration fields to time.Duration

- fix: The AccessTTL and RefreshTTL fields in JWTConfig now use
  time.Duration type directly instead of string with ParseDuration
  methods. The config validation now checks for positive durations
  rather than parsing strings.

internal/app/webapp.go

@@ -44,8 +44,8 @@ func Bootstrap(cfg *config.Config) (*WebApp, error) {
 	authService := service.NewAuthService(
 		userRepo, sessionRepo, credentialRepo,
 		jwtSecret,
-		cfg.JWT.AccessDuration(),
-		cfg.JWT.RefreshDuration(),
+		cfg.JWT.AccessTTL,
+		cfg.JWT.RefreshTTL,
 	)
 
 	return &WebApp{