feat(01-foundation-01): monorepo scaffolding, Docker Compose, and shared data models

- pyproject.toml: uv workspace with 5 member packages (shared, gateway, router, orchestrator, llm-pool)
- docker-compose.yml: PostgreSQL 16 + Redis 7 + Ollama services on konstruct-net
- .env.example: all required env vars documented, konstruct_app role (not superuser)
- scripts/init-db.sh: creates konstruct_app role at DB init time
- packages/shared/shared/config.py: Pydantic Settings loading all env vars
- packages/shared/shared/models/message.py: KonstructMessage, ChannelType, SenderInfo, MessageContent
- packages/shared/shared/models/tenant.py: Tenant, Agent, ChannelConnection SQLAlchemy 2.0 models
- packages/shared/shared/models/auth.py: PortalUser model for admin portal auth
- packages/shared/shared/db.py: async SQLAlchemy engine, session factory, get_session dependency
- packages/shared/shared/rls.py: current_tenant_id ContextVar and configure_rls_hook with parameterized SET LOCAL
- packages/shared/shared/redis_keys.py: tenant-namespaced key constructors (rate_limit, idempotency, session, engaged_thread)

scripts/init-db.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+# PostgreSQL initialization script
+# Creates the konstruct_app application role with limited privileges.
+# The postgres superuser role is NEVER used by application code.
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    DO \$\$
+    BEGIN
+        IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'konstruct_app') THEN
+            CREATE ROLE konstruct_app WITH LOGIN PASSWORD 'konstruct_dev';
+        END IF;
+    END
+    \$\$;
+
+    GRANT CONNECT ON DATABASE konstruct TO konstruct_app;
+    GRANT USAGE ON SCHEMA public TO konstruct_app;
+EOSQL
+
+echo "konstruct_app role created successfully."