Does anyone know why a valid OAuth token with wfm:schedule:write scope returns a 403 Forbidden when posting to /api/v2/wfm/schedules? The integration works in sandbox but fails in production. Verified the org ID matches. Checking the audit logs shows no specific denial reason. Is there a hidden permission level or a known issue with AppFoundry tokens accessing WFM endpoints directly?