fix(security): graceful CSRF handling when Redis unavailable (A05)

veza-backend-api/internal/middleware/csrf.go

@@ -106,15 +106,15 @@ func (m *CSRFMiddleware) Middleware() gin.HandlerFunc {
 				c.Abort()
 				return
 			}
-			m.logger.Error("Failed to get CSRF token from Redis",
+			m.logger.Error("Redis unavailable for CSRF validation - service temporarily degraded",
 				zap.Error(err),
 				zap.String("user_id", userID.String()),
 			)
-			c.JSON(500, gin.H{
+			c.JSON(503, gin.H{
 				"success": false,
 				"error": gin.H{
-					"code":    500,
-					"message": "Internal server error",
+					"code":    503,
+					"message": "Service temporarily unavailable. Please retry later.",
 				},
 			})
 			c.Abort()