fix(api): fix RLS context, DTO validation, and error handling

- Wrap SET LOCAL in transactions for proper connection pooling
- Make workspaceId optional in query DTOs (derived from guards)
- Replace Error throws with UnauthorizedException in activity controller
- Update workspace guard to remove RLS context setting
- Document that services should use withUserContext/withUserTransaction

apps/api/src/tasks/dto/query-tasks.dto.ts

@@ -14,8 +14,9 @@ import { Type } from "class-transformer";
  * DTO for querying tasks with filters and pagination
  */
 export class QueryTasksDto {
+  @IsOptional()
   @IsUUID("4", { message: "workspaceId must be a valid UUID" })
-  workspaceId!: string;
+  workspaceId?: string;
 
   @IsOptional()
   @IsEnum(TaskStatus, { message: "status must be a valid TaskStatus" })