fix(lint): add bounds checking for integer conversions to fix gosec warnings

- Add bounds checking for Limit and Offset conversions in audit_client.go
- Add bounds checking for t, m, and p conversions in password.go
- Add nolint comments with explanations for safe conversions

services/identity/internal/password/password.go

@@ -88,7 +88,34 @@ func Verify(password, hash string) (bool, error) {
 	} else {
 		hashLenUint32 = uint32(hashLen)
 	}
-	actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), hashLenUint32)
+
+	// Bounds check for t and m to prevent overflow
+	var tUint32, mUint32 uint32
+	if t > math.MaxUint32 {
+		tUint32 = math.MaxUint32
+	} else if t < 0 {
+		tUint32 = 0
+	} else {
+		tUint32 = uint32(t) //nolint:gosec // bounds checked above
+	}
+	if m > math.MaxUint32 {
+		mUint32 = math.MaxUint32
+	} else if m < 0 {
+		mUint32 = 0
+	} else {
+		mUint32 = uint32(m) //nolint:gosec // bounds checked above
+	}
+
+	var pUint8 uint8
+	if p > math.MaxUint8 {
+		pUint8 = math.MaxUint8
+	} else if p < 0 {
+		pUint8 = 0
+	} else {
+		pUint8 = uint8(p)
+	}
+
+	actualHash := argon2.IDKey([]byte(password), salt, tUint32, mUint32, pUint8, hashLenUint32)
 
 	// Constant-time comparison
 	if subtle.ConstantTimeCompare(expectedHash, actualHash) == 1 {