init: M1 scaffolding + M2 organization/clients/services CRUD

- monorepo (npm workspaces): apps/api (Fastify+Prisma+TS), apps/web (Vite+React+TS), packages/shared (zod schemas)
- SSO via auth.queo.ru: jose+JWKS plugin, requireDocPermission(viewer|user|admin)
- DEV_BYPASS_AUTH for local development (hard-checked off in production)
- M2: organization upsert, clients CRUD with search, services catalog with soft-delete
- BigInt -> Number serializer for Prisma money columns
- Embedded Postgres + npm run dev:demo for one-command local boot
- Docker compose for queoserver: postgres + api + web (nginx as ingress proxying /api -> api:3030)
- First migration 0_init committed (prisma migrate diff)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker/.env.example

@@ -0,0 +1,19 @@
+# Заполнить и переименовать в .env (рядом с docker-compose.yml)
+
+POSTGRES_DB=docmanager
+POSTGRES_USER=docmanager
+POSTGRES_PASSWORD=change-me-strong-password
+
+# AES-256-GCM ключ для шифрования JWT-токенов Точки в БД (32 байта в base64).
+# node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+TOCHKA_JWT_KEY=
+
+# Случайная строка в URL-пути приёмника webhook (длинная, например 32+ символов).
+# node -e "console.log(require('crypto').randomBytes(24).toString('hex'))"
+TOCHKA_WEBHOOK_SECRET=
+
+# UUID единственной организации в v1.
+DEFAULT_ORGANIZATION_ID=00000000-0000-0000-0000-000000000001
+
+# Токен для browserless/chromium контейнера.
+CHROMIUM_TOKEN=