fix(cloud/api): make legacy /api/v1/proxy/birdeye redirect public

The legacy birdeye proxy mount returns a 308 redirect to /api/v1/apis/birdeye/*
so old clients can discover the new URL. With the path missing from
publicPathPrefixes, auth middleware ran first and returned 401 before the
redirect could fire, breaking the e2e contract:

    Group H — GET /api/v1/proxy/birdeye/* > legacy mount redirects to
      /api/v1/apis/birdeye (308): Expected 308, Received 401

The redirect target /api/v1/apis/birdeye is still auth-gated (the next test
in the same group covers that), so making the legacy mount public only
exposes the URL rewrite, not the proxy itself.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: Shaw

cloud/apps/api/src/middleware/auth.ts

@@ -58,6 +58,10 @@ const publicPathPrefixes = [
   "/api/agents",
   "/api/v1/track",
   "/api/v1/discovery",
+  // Legacy birdeye proxy is a 308 redirect to /api/v1/apis/birdeye/*. The
+  // redirect itself is public so unauthenticated clients learn the new URL;
+  // the target /api/v1/apis/birdeye is still auth-gated.
+  "/api/v1/proxy/birdeye",
   "/api/v1/discord/callback",
   "/api/v1/twitter/callback",
   "/api/v1/oauth/providers",