api: Write API + bulk upsert with idempotency

[victorquinn]

Summary

Implement authenticated write endpoints for all entity types with optimistic locking, delta-based versioning, and bulk upsert with idempotency keys.

Endpoints

• POST /api/v1/{entity} — Create (auth required)
• PATCH /api/v1/{entity}/:slug — Update with version check (auth required)
• POST /api/v1/{entity}/bulk — Bulk upsert with idempotency key (auth required)

Implementation

• Optimistic locking: WHERE version = expectedVersion on UPDATE
• Delta-based version creation on every write (via versioning middleware)
• Bulk upsert with idempotency_key in bulk_operations table
• Provenance tracking: source, submitted_by, change_summary
• Zod validation on all request bodies

Acceptance Criteria

• Create/Update for all entity types
• Optimistic locking prevents concurrent write conflicts
• Delta versions created automatically
• Bulk upsert with idempotency (safe to retry)
• Auth required for all write operations
• npm run build passes

Spec ref: Sections 4.3, 4.8, 3.6
Blocked by: #5, #6, #7, #8 (API utils, auth, seed, versioning)
Blocks: Sync pipeline update