feat(B2): add tenant model + migrations 035/036 + RLS policies

Migration 035: tenants table with 'Schaeffler' default seed.
Migration 036: tenant_id FK on all tables, RLS policies, backfill.
New domains/tenants/ with CRUD router (admin only).
All domain models extended with tenant_id FK.
core/database.py: get_db_for_tenant with RLS context setter.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/domains/notifications/models.py

@@ -4,6 +4,9 @@ from sqlalchemy import String, Boolean, DateTime, ForeignKey
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 from sqlalchemy.dialects.postgresql import UUID, JSONB
 from app.database import Base
+from typing import TYPE_CHECKING
+if TYPE_CHECKING:
+    from app.domains.tenants.models import Tenant
 
 
 class AuditLog(Base):
@@ -23,6 +26,9 @@ class AuditLog(Base):
     )
     read_at: Mapped[datetime | None] = mapped_column(DateTime, nullable=True)
     notification: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False)
+    tenant_id: Mapped[uuid.UUID | None] = mapped_column(
+        UUID(as_uuid=True), ForeignKey("tenants.id"), nullable=True, index=True
+    )
 
     user: Mapped["User"] = relationship("User", back_populates="audit_logs", foreign_keys=[user_id])
     target_user: Mapped["User"] = relationship("User", foreign_keys=[target_user_id])