feat: add database table prefix and complete schema definition

Added `tool_ocr_` prefix to all database tables for clear separation
from other systems in the same database.

Changes:
- All tables now use `tool_ocr_` prefix
- Added tool_ocr_sessions table for token management
- Created complete SQL schema file with:
  - Full table definitions with comments
  - Indexes for performance
  - Views for common queries
  - Stored procedures for maintenance
  - Audit log table (optional)

New files:
- database_schema.sql: Ready-to-use SQL script for deployment

Configuration:
- Added DATABASE_TABLE_PREFIX environment variable
- Updated all references to use prefixed table names

Benefits:
- Clear namespace separation in shared databases
- Easier identification of Tool_OCR tables
- Prevent conflicts with other applications

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

openspec/changes/migrate-to-external-api-authentication/proposal.md

@@ -75,9 +75,11 @@ By migrating to the external API authentication service at https://pj-auth-api.v
 
 **Complete Redesign (No backward compatibility needed)**:
 
-1. **users table (redesigned)**:
+**Table Prefix**: `tool_ocr_` (for clear separation from other systems in the same database)
+
+1. **tool_ocr_users table (redesigned)**:
    ```sql
-   CREATE TABLE users (
+   CREATE TABLE tool_ocr_users (
      id INT PRIMARY KEY AUTO_INCREMENT,
      email VARCHAR(255) UNIQUE NOT NULL,  -- Primary identifier from Azure AD
      display_name VARCHAR(255),            -- Display name from API response
@@ -88,9 +90,9 @@ By migrating to the external API authentication service at https://pj-auth-api.v
    ```
    Note: No Azure AD ID storage needed - email is sufficient as unique identifier
 
-2. **ocr_tasks table (new - for task history)**:
+2. **tool_ocr_tasks table (new - for task history)**:
    ```sql
-   CREATE TABLE ocr_tasks (
+   CREATE TABLE tool_ocr_tasks (
      id INT PRIMARY KEY AUTO_INCREMENT,
      user_id INT NOT NULL,                 -- Foreign key to users table
      task_id VARCHAR(255) UNIQUE,          -- Unique task identifier
@@ -104,22 +106,37 @@ By migrating to the external API authentication service at https://pj-auth-api.v
      updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
      completed_at TIMESTAMP NULL,
      file_deleted BOOLEAN DEFAULT FALSE,   -- Track if files were auto-deleted
-     FOREIGN KEY (user_id) REFERENCES users(id),
+     FOREIGN KEY (user_id) REFERENCES tool_ocr_users(id),
      INDEX idx_user_status (user_id, status),
      INDEX idx_created (created_at)
    );
    ```
 
-3. **task_files table (for multiple files per task)**:
+3. **tool_ocr_task_files table (for multiple files per task)**:
    ```sql
-   CREATE TABLE task_files (
+   CREATE TABLE tool_ocr_task_files (
      id INT PRIMARY KEY AUTO_INCREMENT,
      task_id INT NOT NULL,
      original_name VARCHAR(255),
      stored_path VARCHAR(500),
      file_size BIGINT,
      mime_type VARCHAR(100),
-     FOREIGN KEY (task_id) REFERENCES ocr_tasks(id) ON DELETE CASCADE
+     FOREIGN KEY (task_id) REFERENCES tool_ocr_tasks(id) ON DELETE CASCADE
+   );
+   ```
+
+4. **tool_ocr_sessions table (for token management)**:
+   ```sql
+   CREATE TABLE tool_ocr_sessions (
+     id INT PRIMARY KEY AUTO_INCREMENT,
+     user_id INT NOT NULL,
+     access_token TEXT,
+     id_token TEXT,
+     expires_at TIMESTAMP,
+     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+     FOREIGN KEY (user_id) REFERENCES tool_ocr_users(id) ON DELETE CASCADE,
+     INDEX idx_user (user_id),
+     INDEX idx_expires (expires_at)
    );
    ```
 
@@ -227,6 +244,7 @@ By migrating to the external API authentication service at https://pj-auth-api.v
   - `TASK_RETENTION_DAYS` = 30 (auto-delete old tasks)
   - `MAX_TASKS_PER_USER` = 1000 (limit per user)
   - `ENABLE_TASK_HISTORY` = true (enable history feature)
+  - `DATABASE_TABLE_PREFIX` = "tool_ocr_" (table naming prefix)
 
 ### Security Considerations
 - HTTPS required for all authentication requests