fix(#5,#36): Fix critical security issues and add comprehensive tests

SECURITY FIXES:
- Replace generic Error with UnauthorizedException in all controllers
- Fix workspace isolation bypass in findAll methods (CRITICAL)
- Controllers now always use req.user.workspaceId, never allow query override

CODE FIXES:
- Fix redundant priority logic in tasks.service.ts
- Use TaskPriority.MEDIUM as default instead of undefined

TEST ADDITIONS:
- Add multi-tenant isolation tests for all services (tasks, events, projects)
- Add database constraint violation handling tests (P2002, P2003, P2025)
- Add missing controller error tests for events and projects controllers
- All new tests verify authentication and workspace isolation

RESULTS:
- All 247 tests passing
- Test coverage: 94.35% (exceeds 85% requirement)
- Critical security vulnerabilities fixed

Fixes #5
Refs #36

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

apps/api/src/tasks/tasks.service.ts

@@ -1,7 +1,7 @@
 import { Injectable, NotFoundException } from "@nestjs/common";
 import { PrismaService } from "../prisma/prisma.service";
 import { ActivityService } from "../activity/activity.service";
-import { TaskStatus } from "@prisma/client";
+import { TaskStatus, TaskPriority } from "@prisma/client";
 import type { CreateTaskDto, UpdateTaskDto, QueryTasksDto } from "./dto";
 
 /**
@@ -23,7 +23,7 @@ export class TasksService {
       workspaceId,
       creatorId: userId,
       status: createTaskDto.status || TaskStatus.NOT_STARTED,
-      priority: createTaskDto.priority || createTaskDto.priority,
+      priority: createTaskDto.priority || TaskPriority.MEDIUM,
       sortOrder: createTaskDto.sortOrder ?? 0,
       metadata: createTaskDto.metadata || {},
     };