ListIssuers was miscategorized as a public gRPC method, but the CA
engine handler requires CallerInfo with user role. When called without
auth (public path), the interceptor skipped token validation, so
CallerInfo was nil and the handler returned ErrUnauthorized — which
the web UI silently swallowed, showing "No issuers configured."
Security: gRPC interceptor map correction (ListIssuers requires auth)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Kyle Isom
28d6f9fa1f