fix(#411): complete 2026-02-17 remediation sweep

Apply RLS context at task service boundaries, harden orchestrator/web integration and session startup behavior, re-enable targeted frontend tests, and lock vulnerable transitive dependencies so QA and security gates pass cleanly.

apps/api/src/tasks/tasks.controller.ts

@@ -53,8 +53,12 @@ export class TasksController {
    */
   @Get()
   @RequirePermission(Permission.WORKSPACE_ANY)
-  async findAll(@Query() query: QueryTasksDto, @Workspace() workspaceId: string) {
-    return this.tasksService.findAll(Object.assign({}, query, { workspaceId }));
+  async findAll(
+    @Query() query: QueryTasksDto,
+    @Workspace() workspaceId: string,
+    @CurrentUser() user: AuthenticatedUser
+  ) {
+    return this.tasksService.findAll(Object.assign({}, query, { workspaceId }), user.id);
   }
 
   /**
@@ -64,8 +68,12 @@ export class TasksController {
    */
   @Get(":id")
   @RequirePermission(Permission.WORKSPACE_ANY)
-  async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
-    return this.tasksService.findOne(id, workspaceId);
+  async findOne(
+    @Param("id") id: string,
+    @Workspace() workspaceId: string,
+    @CurrentUser() user: AuthenticatedUser
+  ) {
+    return this.tasksService.findOne(id, workspaceId, user.id);
   }
 
   /**