feat: add CI/CD pipeline, production Dockerfile, and deployment architecture

- Add production Dockerfile with bun build --compile, multi-stage Alpine build
- Add .dockerignore
- Swap bcrypt -> bcryptjs (pure JS, no native addons)
- Add programmatic migrations on startup via drizzle migrator
- Add /v1/version endpoint with APP_VERSION baked in at build time
- Add .gitea/workflows/ci.yml (lint + test with postgres/valkey services)
- Add .gitea/workflows/build.yml (version bump, build, push to registry)
- Update CLAUDE.md and docs/architecture.md to remove multi-tenancy
- Add docs/deployment.md covering DOKS + ArgoCD architecture

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/backend/src/db/seeds/dev-seed.ts

@@ -42,8 +42,8 @@ async function seed() {
   const adminPassword = process.env.ADMIN_PASSWORD ?? 'admin1234'
   const [adminUser] = await sql`SELECT id FROM "user" WHERE email = 'admin@lunarfront.dev'`
   if (!adminUser) {
-    const bcrypt = await import('bcrypt')
-    const hashedPw = await (bcrypt.default || bcrypt).hash(adminPassword, 10)
+    const bcrypt = await import('bcryptjs')
+    const hashedPw = await bcrypt.hash(adminPassword, 10)
     const [user] = await sql`INSERT INTO "user" (email, password_hash, first_name, last_name, role) VALUES ('admin@lunarfront.dev', ${hashedPw}, 'Admin', 'User', 'admin') RETURNING id`
     const [adminRole] = await sql`SELECT id FROM role WHERE slug = 'admin' LIMIT 1`
     if (adminRole) {