feat: complete CMS v2 with Docker, Fischerei, Meetings, Verband modules + UX audit fixes

Major changes:
- Docker Compose: full Supabase stack (11 services) equivalent to supabase CLI
- Fischerei module: 16 DB tables, waters/species/stocking/catch books/competitions
- Sitzungsprotokolle module: meeting protocols, agenda items, task tracking
- Verbandsverwaltung module: federation management, member clubs, contacts, fees
- Per-account module activation via Modules page toggle
- Site Builder: live CMS data in Puck blocks (courses, events, membership registration)
- Public registration APIs: course signup, event registration, membership application
- Document generation: PDF member cards, Excel reports, HTML labels
- Landing page: real Com.BISS content (no filler text)
- UX audit fixes: AccountNotFound component, shared status badges, confirm dialog,
  pagination, duplicate heading removal, emoji→badge replacement, a11y fixes
- QA: healthcheck fix, API auth fix, enum mismatch fix, password required attribute

docker/db/dev-bootstrap.sh

@@ -0,0 +1,51 @@
+#!/bin/sh
+set -e
+
+# ===========================================================================
+# Docker dev bootstrap — runs AFTER app migrations
+# Seeds the DB, removes MFA, patches is_super_admin for local dev (no aal2).
+# ===========================================================================
+
+PSQL="psql -v ON_ERROR_STOP=0 --no-password --no-psqlrc -U supabase_admin -d postgres -h supabase-db"
+
+echo "🌱 Running seed.sql..."
+$PSQL -f /app-seed/seed.sql 2>&1 || true
+
+echo "🔓 Removing MFA factors for dev..."
+$PSQL -c "DELETE FROM auth.mfa_factors;" 2>&1 || true
+$PSQL -c "DELETE FROM auth.mfa_challenges;" 2>&1 || true
+
+echo "🔄 Fixing auth sequences after seed import..."
+$PSQL -c "SELECT setval('auth.refresh_tokens_id_seq', (SELECT COALESCE(MAX(id), 0) + 1 FROM auth.refresh_tokens));" 2>&1 || true
+$PSQL -c "SELECT setval(pg_get_serial_sequence('public.role_permissions', 'id'), (SELECT COALESCE(MAX(id), 0) + 1 FROM public.role_permissions));" 2>&1 || true
+
+echo "🔧 Patching is_super_admin() — skip aal2 for local dev..."
+cat <<'EOSQL' | $PSQL
+CREATE OR REPLACE FUNCTION public.is_super_admin() RETURNS boolean
+LANGUAGE plpgsql SECURITY DEFINER AS $fn$
+declare r boolean;
+begin
+  select (auth.jwt() ->> 'app_metadata')::jsonb ->> 'role' = 'super-admin' into r;
+  return coalesce(r, false);
+end $fn$;
+EOSQL
+
+echo "🌐 Adding anon read policy for public club pages..."
+$PSQL -c "DO \$\$ BEGIN
+  IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'accounts_public_read') THEN
+    CREATE POLICY accounts_public_read ON public.accounts FOR SELECT TO anon
+    USING (is_personal_account = false AND id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
+  END IF;
+  IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'events_public_read') THEN
+    CREATE POLICY events_public_read ON public.events FOR SELECT TO anon
+    USING (account_id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
+  END IF;
+  IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'courses_public_read') THEN
+    CREATE POLICY courses_public_read ON public.courses FOR SELECT TO anon
+    USING (account_id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
+  END IF;
+END \$\$;" 2>&1 || true
+$PSQL -c "GRANT SELECT ON public.events TO anon;" 2>&1 || true
+$PSQL -c "GRANT SELECT ON public.courses TO anon;" 2>&1 || true
+
+echo "✅ Dev bootstrap complete."