Preserve each user's push token

[iMattPro]

When a new post is made, notify() loops through the queue which contains one notification object per user — e.g. users 2, 3, 4, 5, 6 all watching topic 1. Each gets their own DB row with their own unique push_token (generated from random_bytes(32)).

With the old two-key map [type_id][item_id], each iteration overwrote the same slot:

$map[1][2] = 'token_for_user_2'  // overwritten
$map[1][2] = 'token_for_user_3'  // overwritten
$map[1][2] = 'token_for_user_4'  // overwritten
...
$map[1][2] = 'token_for_user_6'  // final value

Then notify_using_webpush() built every user's push payload using token_for_user_6's hash. When users 2–5's service workers tried to fetch the notification, the controller computed hash(user_form_salt . push_token) from the DB — which wouldn't match the token in the payload — and returned NO_AUTH_OPERATION.

The three-key map [type_id][item_id][user_id] preserves each user's token independently, so each push payload carries the correct hash for that specific user.