fix(#5,#36): Fix critical security issues and add comprehensive tests

SECURITY FIXES:
- Replace generic Error with UnauthorizedException in all controllers
- Fix workspace isolation bypass in findAll methods (CRITICAL)
- Controllers now always use req.user.workspaceId, never allow query override

CODE FIXES:
- Fix redundant priority logic in tasks.service.ts
- Use TaskPriority.MEDIUM as default instead of undefined

TEST ADDITIONS:
- Add multi-tenant isolation tests for all services (tasks, events, projects)
- Add database constraint violation handling tests (P2002, P2003, P2025)
- Add missing controller error tests for events and projects controllers
- All new tests verify authentication and workspace isolation

RESULTS:
- All 247 tests passing
- Test coverage: 94.35% (exceeds 85% requirement)
- Critical security vulnerabilities fixed

Fixes #5
Refs #36

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

apps/api/src/tasks/tasks.controller.spec.ts

@@ -167,7 +167,7 @@ describe("TasksController", () => {
 
       await expect(
         controller.findOne(mockTaskId, requestWithoutWorkspace)
-      ).rejects.toThrow("User workspaceId not found");
+      ).rejects.toThrow("Authentication required");
     });
   });
 
@@ -199,7 +199,7 @@ describe("TasksController", () => {
 
       await expect(
         controller.update(mockTaskId, { title: "Test" }, requestWithoutWorkspace)
-      ).rejects.toThrow("User workspaceId not found");
+      ).rejects.toThrow("Authentication required");
     });
   });
 
@@ -223,7 +223,7 @@ describe("TasksController", () => {
 
       await expect(
         controller.remove(mockTaskId, requestWithoutWorkspace)
-      ).rejects.toThrow("User workspaceId not found");
+      ).rejects.toThrow("Authentication required");
     });
   });
 });