I solved it.
I found what i was doing wrong, in my route config my i had auth: false, so even if i was submitting the request with my bearer token, the request was not handling the auth and was not populate the policyContext.state.user details… Simply remove the auth: false and it’s working as expected !
Hope it can be useful for someone ! 
The new route file with the correction :
"use strict";
/**
* product router
*/
const { createCoreRouter } = require("@strapi/strapi").factories;
module.exports = createCoreRouter("api::product.product", {
prefix: "",
only: ["find"],
except: [],
config: {
find: {
policies: ["global::handle-delete-permission"],
middlewares: [],
},
findOne: {},
create: {},
update: {},
delete: {},
},
});