fix: filter user attached policy accesses on pull

[legendac]

Closes #170

Problem

When a policy is assigned directly to a user (rather than via a role), Directus creates an access record with role = null and user = <uuid>. Two bugs stemmed from this:

1. Incorrect public policy detection — the public policy is identified by role = null (and user = null). User-attached accesses also have role = null, causing them to be mistakenly matched as the public policy.
2. Polluted dump on pull — user-attached accesses were included in the policy dump, which is incorrect since they represent user-specific runtime state, not sync-able configuration.

Changes

• policies/id-mapper-client.ts — tightened the public policy filter to also require user = null, so user-attached accesses (role = null, user = uuid) are no longer mistaken for the public policy.
• policies/data-client.ts — added roles.user to the fetched fields so user-attached accesses can be identified during pull.
• policies/data-mapper.ts — overrides mapIdsToSyncIdAndRemoveIgnoredFields to strip any access entries where role = null and user != null before they reach the dump.
• e2e/push-with-user-policy-assignment.ts — adds a new test asserting that user-attached accesses are absent from the pulled dump.

[legendac]

Hi @EdouardDem would you be able to review the changes to see if it fixes the issue.

[EdouardDem]

Hi @legendac Thanks for the PR. I approved it. I'm waiting for the tests to pass and i'll publish a new version