chore: add pre-commit hooks, tighten ESLint, activate Sentry DSN, publish CI coverage (Phase 1)

- Install husky v9 + lint-staged: pre-commit runs eslint --fix and prettier on staged files
- Tighten ESLint base config: no-console→error, ban-ts-comment (ts-ignore banned, ts-expect-error with description allowed), reportUnusedDisableDirectives→error
- Migrate web app from deprecated `next lint` to `eslint src/` with flat config and react-hooks plugin
- Convert all 5 @ts-ignore to @ts-expect-error with descriptions, remove stale disable comments
- Add NEXT_PUBLIC_SENTRY_DSN to docker-compose.prod.yml and .env.example
- Add coverage artifact upload step to CI test job
- Pre-existing violations (102 warnings) downgraded to warn in web config for Phase 2 cleanup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/web/src/app/api/cron/auth-anomaly-check/route.ts

@@ -115,7 +115,6 @@ export async function GET(request: Request) {
           )
           .join("; ");
 
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         await createNotificationsForUsers({
           db: prisma as any,
           userIds: adminUsers.map((u) => u.id),
@@ -128,7 +127,10 @@ export async function GET(request: Request) {
         });
 
         logger.warn(
-          { anomalies: report.anomalies, window: { start: report.windowStartedAt, end: report.windowEndedAt } },
+          {
+            anomalies: report.anomalies,
+            window: { start: report.windowStartedAt, end: report.windowEndedAt },
+          },
           "Auth anomaly cron: anomalies detected and admins notified",
         );
       }
@@ -140,9 +142,6 @@ export async function GET(request: Request) {
     });
   } catch (error) {
     logger.error({ error, route: "/api/cron/auth-anomaly-check" }, "Auth anomaly cron failed");
-    return NextResponse.json(
-      { ok: false, error: "Internal error" },
-      { status: 500 },
-    );
+    return NextResponse.json({ ok: false, error: "Internal error" }, { status: 500 });
   }
 }