Comprehensive platform review: security fixes, query optimization, UI improvements, and code cleanup

Security (Critical/High):
- Fix path traversal bypass in local storage provider (path.resolve + prefix check)
- Fix timing-unsafe HMAC comparison (crypto.timingSafeEqual)
- Add auth + ownership checks to email API routes (verify-credentials, change-password)
- Remove hardcoded secret key fallback in local storage provider
- Add production credential check for MinIO (fail loudly if not set)
- Remove DB error details from health check response
- Add stricter rate limiting on application submissions (5/hour)
- Add rate limiting on email availability check (anti-enumeration)
- Change getAIAssignmentJobStatus to adminProcedure
- Block dangerous file extensions on upload
- Reduce project list max perPage from 5000 to 200

Query Optimization:
- Optimize analytics getProjectRankings with select instead of full includes
- Fix N+1 in mentor.getSuggestions (batch findMany instead of loop)
- Use _count for files instead of fetching full file records in project list
- Switch to bulk notifications in assignment and user bulk operations
- Batch filtering upserts (25 per transaction instead of all at once)

UI/UX:
- Replace Inter font with Montserrat in public layout (brand consistency)
- Use Logo component in public layout instead of placeholder
- Create branded 404 and error pages
- Make admin rounds table responsive with mobile card layout
- Fix notification bell paths to be role-aware
- Replace hardcoded slate colors with semantic tokens in admin sidebar
- Force light mode (dark mode untested)
- Adjust CardTitle default size
- Improve muted-foreground contrast for accessibility (A11Y)
- Move profile form state initialization to useEffect

Code Quality:
- Extract shared toProjectWithRelations to anonymization.ts (removed 3 duplicates)
- Remove dead code: getObjectInfo, isValidImageSize, unused batch tag functions, debug logs
- Remove unused twilio dependency
- Remove redundant email index from schema
- Add actual storage object deletion when file records are deleted
- Wrap evaluation submit + assignment update in
- Add comprehensive platform review document

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/server/services/ai-award-eligibility.ts

@@ -17,7 +17,7 @@ import { classifyAIError, createParseError, logAIError } from './ai-errors'
 import {
   anonymizeProjectsForAI,
   validateAnonymizedProjects,
-  type ProjectWithRelations,
+  toProjectWithRelations,
   type AnonymizedProjectForAI,
   type ProjectAIMapping,
 } from './anonymization'
@@ -131,32 +131,6 @@ function getFieldValue(
 
 // ─── AI Criteria Interpretation ─────────────────────────────────────────────
 
-/**
- * Convert project to enhanced format for anonymization
- */
-function toProjectWithRelations(project: ProjectForEligibility): ProjectWithRelations {
-  return {
-    id: project.id,
-    title: project.title,
-    description: project.description,
-    competitionCategory: project.competitionCategory as any,
-    oceanIssue: project.oceanIssue as any,
-    country: project.country,
-    geographicZone: project.geographicZone,
-    institution: project.institution,
-    tags: project.tags,
-    foundedAt: project.foundedAt,
-    wantsMentorship: project.wantsMentorship ?? false,
-    submissionSource: project.submissionSource ?? 'MANUAL',
-    submittedAt: project.submittedAt,
-    _count: {
-      teamMembers: project._count?.teamMembers ?? 0,
-      files: project._count?.files ?? 0,
-    },
-    files: project.files?.map(f => ({ fileType: f.fileType as any })) ?? [],
-  }
-}
-
 /**
  * Process a batch for AI eligibility evaluation
  */