fix(tests): Fix CI pipeline failures in pipeline 239

Two fixes for CI test failures:

1. secret-scanner.service.spec.ts - "unreadable files" test:
   - The test uses chmod 0o000 to make a file unreadable
   - In CI (Docker), tests run as root where chmod doesn't prevent reads
   - Fix: Detect if running as root with process.getuid() and adjust
     expectations accordingly (root can still read the file)

2. demo/kanban/page.tsx - Build failure during static generation:
   - KanbanBoard component uses useToast() hook from @mosaic/ui
   - During Next.js static generation, ToastProvider context is not available
   - Fix: Wrap page content with ToastProvider to provide context

Quality gates verified locally:
- lint: pass
- typecheck: pass
- orchestrator tests: 612 passing
- web tests: 650 passing (23 skipped)
- web build: pass (/demo/kanban now prerendered successfully)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/orchestrator/src/git/secret-scanner.service.spec.ts

@@ -434,11 +434,21 @@ SECRET=replace-me
       // Remove read permissions
       await fs.chmod(testFile, 0o000);
 
+      // Check if we're running as root (where chmod 0o000 won't prevent reads)
+      const isRoot = process.getuid?.() === 0;
+
       const result = await service.scanFile(testFile);
 
-      expect(result.scannedSuccessfully).toBe(false);
-      expect(result.scanError).toBeDefined();
-      expect(result.hasSecrets).toBe(false); // Not "clean", just unscanned
+      if (isRoot) {
+        // Root can still read the file, so it will scan successfully
+        expect(result.scannedSuccessfully).toBe(true);
+        expect(result.hasSecrets).toBe(true); // Contains AWS key
+      } else {
+        // Non-root user cannot read the file
+        expect(result.scannedSuccessfully).toBe(false);
+        expect(result.scanError).toBeDefined();
+        expect(result.hasSecrets).toBe(false); // Not "clean", just unscanned
+      }
 
       // Cleanup - restore permissions first
       await fs.chmod(testFile, 0o644);