feat: complete issue fixes and implement remaining features

## Critical Issues (CRIT-001~003) - All Fixed
- JWT secret key validation with pydantic field_validator
- Login audit logging for success/failure attempts
- Frontend API path prefix removal

## High Priority Issues (HIGH-001~008) - All Fixed
- Project soft delete using is_active flag
- Redis session token bytes handling
- Rate limiting with slowapi (5 req/min for login)
- Attachment API permission checks
- Kanban view with drag-and-drop
- Workload heatmap UI (WorkloadPage, WorkloadHeatmap)
- TaskDetailModal integrating Comments/Attachments
- UserSelect component for task assignment

## Medium Priority Issues (MED-001~012) - All Fixed
- MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag
- MED-006: Project health dashboard (HealthService, ProjectHealthPage)
- MED-007: Capacity update API (PUT /api/users/{id}/capacity)
- MED-008: Schedule triggers (cron parsing, deadline reminders)
- MED-009: Watermark feature (image/PDF watermarking)
- MED-010~012: useEffect deps, DOM operations, PDF export

## New Files
- backend/app/api/health/ - Project health API
- backend/app/services/health_service.py
- backend/app/services/trigger_scheduler.py
- backend/app/services/watermark_service.py
- backend/app/core/rate_limiter.py
- frontend/src/pages/ProjectHealthPage.tsx
- frontend/src/components/ProjectHealthCard.tsx
- frontend/src/components/KanbanBoard.tsx
- frontend/src/components/WorkloadHeatmap.tsx

## Tests
- 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32)

## OpenSpec Archives
- add-project-health-dashboard
- add-capacity-update-api
- add-schedule-triggers
- add-watermark-feature
- add-rate-limiting
- enhance-frontend-ux
- add-resource-management-ui

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/app/api/tasks/router.py

@@ -1,11 +1,11 @@
 import uuid
-from datetime import datetime
+from datetime import datetime, timezone
 from typing import List, Optional
 from fastapi import APIRouter, Depends, HTTPException, status, Query, Request
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
-from app.models import User, Project, Task, TaskStatus, AuditAction
+from app.models import User, Project, Task, TaskStatus, AuditAction, Blocker
 from app.schemas.task import (
     TaskCreate, TaskUpdate, TaskResponse, TaskWithDetails, TaskListResponse,
     TaskStatusUpdate, TaskAssignUpdate
@@ -374,7 +374,8 @@ async def delete_task(
             detail="Permission denied",
         )
 
-    now = datetime.utcnow()
+    # Use naive datetime for consistency with database storage
+    now = datetime.now(timezone.utc).replace(tzinfo=None)
 
     # Soft delete the task
     task.is_deleted = True
@@ -504,11 +505,18 @@ async def update_task_status(
 
     task.status_id = status_data.status_id
 
-    # Auto-set blocker_flag based on status name
+    # Auto-set blocker_flag based on status name and actual Blocker records
     if new_status.name.lower() == "blocked":
         task.blocker_flag = True
     else:
-        task.blocker_flag = False
+        # Only set blocker_flag = False if there are no unresolved blockers
+        unresolved_blockers = db.query(Blocker).filter(
+            Blocker.task_id == task.id,
+            Blocker.resolved_at == None,
+        ).count()
+        if unresolved_blockers == 0:
+            task.blocker_flag = False
+        # If there are unresolved blockers, keep blocker_flag as is
 
     # Evaluate triggers for status changes
     if old_status_id != status_data.status_id: