Add efficient board sync API: lightweight sync list + bulk fetch by ids

[RodriSanchez1]

Context

Supports the frontend board-sync work in cboard-org/cboard#2213 (PR cboard-org/cboard#2214).

Today a client that wants to keep its local boards in sync has to fetch every board in full (heavy) or call GET /board/{id} once per board (N round-trips). This adds the two endpoints needed for an efficient diff-based sync.

Changes

• GET /board/sync/{email} — returns a lightweight { id, lastEdited } list of every board for a user. The client compares this against its local copy to detect which boards changed.
• POST /board/byids — returns the full boards for a specific set of ids, so the client can fetch only the changed boards in a single request.
• Board model — add indexes on email and { email, lastEdited, _id } to back the sync queries.

Security / safety

• Both endpoints require a Bearer token (admin / user scopes).
• Non-admin callers are scoped to their own boards (by email).
• POST /board/byids filters out invalid ObjectIds and caps the request at 3000 ids (enforced in the controller, since swagger does not validate array maxItems on request bodies) to guard against runaway clients.

Tests

• Coverage for both endpoints in test/controllers/board.js (auth, admin-only access to other users, ObjectId filtering, size cap, non-admin isolation).