Fix security and quality issues from code review

Critical: Add company scoping to line item update/delete and note
delete via ownership verification through ticket join. Add companyId
validation to signed URL file serving. High: Paginate notes list
endpoint with search and sort support. Fix blob URL memory leaks in
AuthImage components with proper cleanup on unmount. Improve photo
upload error handling — count failures and show specific error count
instead of silently clearing form.

packages/admin/src/api/repairs.ts

@@ -98,7 +98,7 @@ export const repairNoteKeys = {
 export function repairNoteListOptions(ticketId: string) {
   return queryOptions({
     queryKey: repairNoteKeys.all(ticketId),
-    queryFn: () => api.get<{ data: RepairNote[] }>(`/v1/repair-tickets/${ticketId}/notes`),
+    queryFn: () => api.get<PaginatedResponse<RepairNote>>(`/v1/repair-tickets/${ticketId}/notes`, { page: 1, limit: 100, order: 'asc' }),
     enabled: !!ticketId,
   })
 }