fix: security hardening + performance refactoring (code review batch 1)

- IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id
- Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min)
- 6 compound indexes added to Prisma schema
- N+1 eliminated in processRoundClose (batch updateMany/createMany)
- N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries)
- Service extraction: juror-reassignment.ts (578 lines)
- Dead code removed: award.ts, cohort.ts, decision.ts (680 lines)
- 35 bare catch blocks replaced across 16 files
- Fire-and-forget async calls fixed
- Notification false positive bug fixed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/server/routers/mentor.ts

@@ -538,7 +538,8 @@ export const mentorRouter = router({
           } else {
             failed++
           }
-        } catch {
+        } catch (err) {
+          console.error('Failed to send mentor assignment notifications:', err)
           failed++
         }
       }
@@ -866,8 +867,8 @@ export const mentorRouter = router({
           ipAddress: ctx.ip,
           userAgent: ctx.userAgent,
         })
-      } catch {
-        // Audit log errors should never break the operation
+      } catch (err) {
+        console.error('[Mentor] Audit log failed:', err)
       }
 
       return note
@@ -1081,8 +1082,8 @@ export const mentorRouter = router({
           ipAddress: ctx.ip,
           userAgent: ctx.userAgent,
         })
-      } catch {
-        // Audit log errors should never break the operation
+      } catch (err) {
+        console.error('[Mentor] Audit log failed:', err)
       }
 
       return { completion, allRequiredDone }