fix(SEC-WEB-32+34): Add input maxLength limits + API request timeout

SEC-WEB-32: Added maxLength to form inputs (names: 100, descriptions: 500,
emails: 254) in WorkspaceSettings, TeamSettings, InviteMember components.

SEC-WEB-34: Added AbortController timeout (30s default, configurable) to
apiRequest and apiPostFormData in API client.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/web/src/components/workspace/WorkspaceSettings.test.tsx

@@ -0,0 +1,46 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { render, screen } from "@testing-library/react";
+import { WorkspaceMemberRole } from "@mosaic/shared";
+import { WorkspaceSettings } from "./WorkspaceSettings";
+import userEvent from "@testing-library/user-event";
+
+const defaultWorkspace = {
+  id: "ws-1",
+  name: "Test Workspace",
+  createdAt: new Date("2026-01-01"),
+  updatedAt: new Date("2026-01-01"),
+  ownerId: "user-1",
+  settings: {},
+};
+
+describe("WorkspaceSettings", (): void => {
+  const mockOnUpdate = vi.fn<(name: string) => Promise<void>>();
+  const mockOnDelete = vi.fn<() => Promise<void>>();
+
+  beforeEach((): void => {
+    mockOnUpdate.mockReset();
+    mockOnDelete.mockReset();
+    mockOnUpdate.mockResolvedValue(undefined);
+    mockOnDelete.mockResolvedValue(undefined);
+  });
+
+  describe("maxLength limits", (): void => {
+    it("should have maxLength of 100 on workspace name input", async (): Promise<void> => {
+      const user = userEvent.setup();
+      render(
+        <WorkspaceSettings
+          workspace={defaultWorkspace}
+          userRole={WorkspaceMemberRole.OWNER}
+          onUpdate={mockOnUpdate}
+          onDelete={mockOnDelete}
+        />
+      );
+
+      // Click Edit to reveal the input
+      await user.click(screen.getByRole("button", { name: /edit/i }));
+
+      const nameInput = screen.getByLabelText(/workspace name/i);
+      expect(nameInput).toHaveAttribute("maxLength", "100");
+    });
+  });
+});