feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements

## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service

## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility

## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization

## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks

## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments

## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components

## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion

## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying

## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/app/core/deprecation.py

@@ -0,0 +1,45 @@
+"""Deprecation middleware for legacy API routes.
+
+Provides middleware to add deprecation warning headers to legacy /api/ routes
+during the transition to /api/v1/.
+"""
+import logging
+from datetime import datetime
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+
+logger = logging.getLogger(__name__)
+
+
+class DeprecationMiddleware(BaseHTTPMiddleware):
+    """Middleware to add deprecation headers to legacy API routes.
+
+    This middleware checks if a request is using a legacy /api/ route
+    (instead of /api/v1/) and adds appropriate deprecation headers to
+    encourage migration to the new versioned API.
+    """
+
+    # Sunset date for legacy routes (6 months from now, adjust as needed)
+    SUNSET_DATE = "2026-07-01T00:00:00Z"
+
+    async def dispatch(self, request: Request, call_next):
+        response = await call_next(request)
+
+        # Check if this is a legacy /api/ route (not /api/v1/)
+        path = request.url.path
+        if path.startswith("/api/") and not path.startswith("/api/v1/"):
+            # Skip deprecation headers for health check endpoints
+            if path in ["/health", "/health/ready", "/health/live", "/health/detailed"]:
+                return response
+
+            # Add deprecation headers (RFC 8594)
+            response.headers["Deprecation"] = "true"
+            response.headers["Sunset"] = self.SUNSET_DATE
+            response.headers["Link"] = f'</api/v1{path[4:]}>; rel="successor-version"'
+            response.headers["X-Deprecation-Notice"] = (
+                "This API endpoint is deprecated. "
+                "Please migrate to /api/v1/ prefix. "
+                f"This endpoint will be removed after {self.SUNSET_DATE}."
+            )
+
+        return response