feat: complete issue fixes and implement remaining features

## Critical Issues (CRIT-001~003) - All Fixed
- JWT secret key validation with pydantic field_validator
- Login audit logging for success/failure attempts
- Frontend API path prefix removal

## High Priority Issues (HIGH-001~008) - All Fixed
- Project soft delete using is_active flag
- Redis session token bytes handling
- Rate limiting with slowapi (5 req/min for login)
- Attachment API permission checks
- Kanban view with drag-and-drop
- Workload heatmap UI (WorkloadPage, WorkloadHeatmap)
- TaskDetailModal integrating Comments/Attachments
- UserSelect component for task assignment

## Medium Priority Issues (MED-001~012) - All Fixed
- MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag
- MED-006: Project health dashboard (HealthService, ProjectHealthPage)
- MED-007: Capacity update API (PUT /api/users/{id}/capacity)
- MED-008: Schedule triggers (cron parsing, deadline reminders)
- MED-009: Watermark feature (image/PDF watermarking)
- MED-010~012: useEffect deps, DOM operations, PDF export

## New Files
- backend/app/api/health/ - Project health API
- backend/app/services/health_service.py
- backend/app/services/trigger_scheduler.py
- backend/app/services/watermark_service.py
- backend/app/core/rate_limiter.py
- frontend/src/pages/ProjectHealthPage.tsx
- frontend/src/components/ProjectHealthCard.tsx
- frontend/src/components/KanbanBoard.tsx
- frontend/src/components/WorkloadHeatmap.tsx

## Tests
- 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32)

## OpenSpec Archives
- add-project-health-dashboard
- add-capacity-update-api
- add-schedule-triggers
- add-watermark-feature
- add-rate-limiting
- enhance-frontend-ux
- add-resource-management-ui

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/app/api/health/router.py

@@ -0,0 +1,70 @@
+"""Project health API endpoints.
+
+Provides endpoints for retrieving project health metrics
+and dashboard information.
+"""
+from typing import Optional
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+
+from app.core.database import get_db
+from app.models import User
+from app.schemas.project_health import (
+    ProjectHealthWithDetails,
+    ProjectHealthDashboardResponse,
+)
+from app.services.health_service import HealthService
+from app.middleware.auth import get_current_user
+
+router = APIRouter(prefix="/api/projects/health", tags=["Project Health"])
+
+
+@router.get("/dashboard", response_model=ProjectHealthDashboardResponse)
+async def get_health_dashboard(
+    status_filter: Optional[str] = "active",
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    """
+    Get health dashboard for all projects.
+
+    Returns aggregated health metrics and summary statistics
+    for all projects matching the status filter.
+
+    - **status_filter**: Filter projects by status (default: "active")
+
+    Returns:
+    - **projects**: List of project health details
+    - **summary**: Aggregated summary statistics
+    """
+    service = HealthService(db)
+    return service.get_dashboard(status_filter=status_filter)
+
+
+@router.get("/{project_id}", response_model=ProjectHealthWithDetails)
+async def get_project_health(
+    project_id: str,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    """
+    Get health information for a specific project.
+
+    Returns detailed health metrics including risk level,
+    schedule status, resource status, and task statistics.
+
+    - **project_id**: UUID of the project
+
+    Raises:
+    - **404**: Project not found
+    """
+    service = HealthService(db)
+    result = service.get_project_health(project_id)
+
+    if not result:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Project not found"
+        )
+
+    return result