fix: security hardening + performance refactoring (code review batch 1)

- IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id
- Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min)
- 6 compound indexes added to Prisma schema
- N+1 eliminated in processRoundClose (batch updateMany/createMany)
- N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries)
- Service extraction: juror-reassignment.ts (578 lines)
- Dead code removed: award.ts, cohort.ts, decision.ts (680 lines)
- 35 bare catch blocks replaced across 16 files
- Fire-and-forget async calls fixed
- Notification false positive bug fixed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/server/routers/_app.ts

@@ -36,10 +36,7 @@ import { projectPoolRouter } from './project-pool'
 import { wizardTemplateRouter } from './wizard-template'
 import { dashboardRouter } from './dashboard'
 // Legacy round routers (kept)
-import { cohortRouter } from './cohort'
 import { liveRouter } from './live'
-import { decisionRouter } from './decision'
-import { awardRouter } from './award'
 // Competition architecture routers (Phase 0+1)
 import { competitionRouter } from './competition'
 import { roundRouter } from './round'
@@ -94,10 +91,7 @@ export const appRouter = router({
   wizardTemplate: wizardTemplateRouter,
   dashboard: dashboardRouter,
   // Legacy round routers (kept)
-  cohort: cohortRouter,
   live: liveRouter,
-  decision: decisionRouter,
-  award: awardRouter,
   // Competition architecture routers (Phase 0+1)
   competition: competitionRouter,
   round: roundRouter,