refactor(big-bang): cards → wordeck im gesamten Code-Layer

Phase 2 des cards→wordeck Big-Bang-Rebrand:

- 4 package.json: @cards/* → @wordeck/*
- packages/cards-domain/ → packages/wordeck-domain/
- 41+12 Files: from '@cards/domain' → '@wordeck/domain'
- pgSchema('cards') → pgSchema('wordeck') (Drizzle-Schema)
- 17 Files: process.env.CARDS_* → process.env.WORDECK_*
- docker-compose Service-Names: cards-* → wordeck-*
- docker-compose Volume: /Volumes/ManaData/cards → wordeck
- env-vars in compose: CARDS_DB_PASSWORD/_API_VERSION/_DSGVO_SERVICE_KEY etc. → WORDECK_*
- Log-Prefixes + Error-Strings + manifest-id 'cards' → 'wordeck'
- CORS-Origin cardecky.mana.how → wordeck.com
- .env.production.example umbenannt + S3-Key entfernt (kein MinIO mehr)

Type-Check 0 Errors in api+domain+web, 51/51 Domain-Tests grün.

DB-Rename + Container/Volume-Rename auf mana-server folgen in nächstem
Commit nach Verzeichnis-Rename.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

apps/api/tests/dsgvo.test.ts

@@ -4,18 +4,18 @@ import { Hono } from 'hono';
 import { dsgvoRouter } from '../src/routes/dsgvo.ts';
 import type { CardsDb } from '../src/db/connection.ts';
 
-const ORIG_ENV = process.env.CARDS_DSGVO_SERVICE_KEY;
+const ORIG_ENV = process.env.WORDECK_DSGVO_SERVICE_KEY;
 const TEST_KEY = 'msk_test_dsgvo_key_42';
 
 beforeEach(() => {
-	process.env.CARDS_DSGVO_SERVICE_KEY = TEST_KEY;
+	process.env.WORDECK_DSGVO_SERVICE_KEY = TEST_KEY;
 });
 
 afterEach(() => {
 	if (ORIG_ENV === undefined) {
-		delete process.env.CARDS_DSGVO_SERVICE_KEY;
+		delete process.env.WORDECK_DSGVO_SERVICE_KEY;
 	} else {
-		process.env.CARDS_DSGVO_SERVICE_KEY = ORIG_ENV;
+		process.env.WORDECK_DSGVO_SERVICE_KEY = ORIG_ENV;
 	}
 });
 
@@ -98,7 +98,7 @@ describe('dsgvoRouter — Service-Key-Gate', () => {
 
 describe('dsgvoRouter — Key-not-configured Pfad', () => {
 	it('Wenn ENV fehlt → 500 service_key_not_configured', async () => {
-		delete process.env.CARDS_DSGVO_SERVICE_KEY;
+		delete process.env.WORDECK_DSGVO_SERVICE_KEY;
 		const { app } = buildApp();
 		const res = await app.request('/api/v1/dsgvo/export?user_id=u-1', {
 			headers: { 'X-Service-Key': 'whatever' },

apps/api/tests/marketplace-version-hash.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it } from 'vitest';
 
-import { cardContentHash } from '@cards/domain';
+import { cardContentHash } from '@wordeck/domain';
 
 import { hashVersionCards } from '../src/lib/marketplace/version-hash.ts';
 
@@ -38,7 +38,7 @@ describe('hashVersionCards', () => {
 		expect(inOrder).toBe(reversedInput);
 	});
 
-	it('uses cardContentHash for per-card identity (consumes @cards/domain SoT)', async () => {
+	it('uses cardContentHash for per-card identity (consumes @wordeck/domain SoT)', async () => {
 		// Smoke: changing fields without changing the type must change the
 		// per-card hash (cardContentHash semantics) and therefore the
 		// version hash.

apps/api/tests/setup.ts

@@ -4,6 +4,6 @@
 // Aktiviert den X-User-Id-Dev-Stub für Tests, weil die Suiten ohne
 // echten mana-auth-JWKS laufen. In Produktion ist der Stub fail-secure
 // AUS (siehe apps/api/src/middleware/auth.ts).
-if (process.env.CARDS_AUTH_DEV_STUB === undefined) {
-	process.env.CARDS_AUTH_DEV_STUB = 'true';
+if (process.env.WORDECK_AUTH_DEV_STUB === undefined) {
+	process.env.WORDECK_AUTH_DEV_STUB = 'true';
 }