fix(#411): complete 2026-02-17 remediation sweep

Apply RLS context at task service boundaries, harden orchestrator/web integration and session startup behavior, re-enable targeted frontend tests, and lock vulnerable transitive dependencies so QA and security gates pass cleanly.

apps/api/src/prisma/prisma.service.spec.ts

@@ -156,7 +156,7 @@ describe("PrismaService", () => {
     it("should set workspace context variables in transaction", async () => {
       const userId = "user-123";
       const workspaceId = "workspace-456";
-      const executeRawSpy = vi.spyOn(service, "$executeRaw").mockResolvedValue(0);
+      vi.spyOn(service, "$executeRaw").mockResolvedValue(0);
 
       // Mock $transaction to execute the callback with a mock tx client
       const mockTx = {
@@ -195,7 +195,6 @@ describe("PrismaService", () => {
       };
 
       // Mock both methods at the same time to avoid spy issues
-      const originalSetContext = service.setWorkspaceContext.bind(service);
       const setContextCalls: [string, string, unknown][] = [];
       service.setWorkspaceContext = vi.fn().mockImplementation((uid, wid, tx) => {
         setContextCalls.push([uid, wid, tx]);