feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements

## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service

## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility

## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization

## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks

## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments

## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components

## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion

## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying

## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/app/models/project_member.py

@@ -0,0 +1,56 @@
+"""ProjectMember model for cross-department project collaboration.
+
+This model tracks explicit project membership, allowing users from different
+departments to be granted access to projects they wouldn't normally have
+access to based on department isolation rules.
+"""
+import uuid
+from sqlalchemy import Column, String, ForeignKey, DateTime, UniqueConstraint
+from sqlalchemy.sql import func
+from sqlalchemy.orm import relationship
+from app.core.database import Base
+
+
+class ProjectMember(Base):
+    """
+    Represents a user's membership in a project.
+
+    This enables cross-department collaboration by explicitly granting
+    project access to users regardless of their department.
+
+    Roles:
+    - member: Can view and edit tasks
+    - admin: Can manage project settings and add other members
+    """
+    __tablename__ = "pjctrl_project_members"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    project_id = Column(
+        String(36),
+        ForeignKey("pjctrl_projects.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True
+    )
+    user_id = Column(
+        String(36),
+        ForeignKey("pjctrl_users.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True
+    )
+    role = Column(String(50), nullable=False, default="member")
+    added_by = Column(
+        String(36),
+        ForeignKey("pjctrl_users.id"),
+        nullable=False
+    )
+    created_at = Column(DateTime, server_default=func.now(), nullable=False)
+
+    # Unique constraint to prevent duplicate memberships
+    __table_args__ = (
+        UniqueConstraint('project_id', 'user_id', name='uq_project_member'),
+    )
+
+    # Relationships
+    project = relationship("Project", back_populates="members")
+    user = relationship("User", foreign_keys=[user_id], back_populates="project_memberships")
+    added_by_user = relationship("User", foreign_keys=[added_by])