Remove multi-tenant company_id scoping from entire codebase

Drop company_id column from all 22 domain tables via migration.
Remove companyId from JWT payload, auth plugins, all service method
signatures (~215 occurrences), all route handlers (~105 occurrences),
test runner, test suites, and frontend auth store/types.

The company table stays as store settings (name, timezone). Tenant
isolation in a SaaS deployment would be at the database level (one
DB per customer) not the application level.

All 107 API tests pass. Zero TSC errors across all packages.

packages/backend/src/db/seeds/dev-seed.ts

@@ -39,7 +39,7 @@ async function seed() {
   }
 
   // --- Admin user (if not exists) ---
-  const [adminUser] = await sql`SELECT id FROM "user" WHERE email = 'admin@forte.dev'`
+  const [adminUser] = await sql`SELECT id, company_id FROM "user" WHERE email = 'admin@forte.dev'`
   if (!adminUser) {
     const bcrypt = await import('bcrypt')
     const hashedPw = await (bcrypt.default || bcrypt).hash('admin1234', 10)
@@ -50,9 +50,14 @@ async function seed() {
     }
     console.log('  Created admin user: admin@forte.dev / admin1234')
   } else {
-    // Make sure admin role is assigned
+    // Ensure admin is in the right company and has the admin role
+    if (adminUser.company_id !== COMPANY_ID) {
+      await sql`UPDATE "user" SET company_id = ${COMPANY_ID} WHERE id = ${adminUser.id}`
+      console.log('  Moved admin user to correct company')
+    }
     const [adminRole] = await sql`SELECT id FROM role WHERE company_id = ${COMPANY_ID} AND slug = 'admin' LIMIT 1`
     if (adminRole) {
+      await sql`DELETE FROM user_role_assignment WHERE user_id = ${adminUser.id}`
       await sql`INSERT INTO user_role_assignment (user_id, role_id) VALUES (${adminUser.id}, ${adminRole.id}) ON CONFLICT DO NOTHING`
     }
   }