supabase e2e ci test

[Yostra]

Summary

• Adds an end-to-end CI test that exercises the full supabase
  install → backfill sync → verify flow against a real Supabase project

• Each CI run spawns an ephemeral Supabase project via the Management API and tears
  it down on completion (no shared state, no race conditions between branches)

• Safety cap: if 8+ github-ci-spawned-* projects already exist,
  the test fails fast to prevent runaway resource usage

• Fixes sslmode=prefer handling and bundled OpenAPI spec fallback for Deno edge runtime

• Makes backfill_concurrency configurable via CLI (--backfill-concurrency)

Sandbox

(Outside this PR) Stripe sandbox is seeded with the fixed amount of data that we check against.

Object | count

charges | 1110
checkout_sessions | 555
coupons | 555
customers | 555
disputes | 555
invoices | 1110
payment_intents | 1942
plans | 833
prices | 1110
products | 555
refunds | 555
setup_intents | 555
subscription_schedules | 555
subscriptions | 555

[tonyxiao]

Looks good — solid E2E test infrastructure. Two minor nits:

1. sslConfigFromConnectionString.ts:43 — Now that prefer is handled alongside require, add a comment explaining why rejectUnauthorized: false is correct:

   In Postgres's SSL hierarchy, neither prefer nor require verify the server certificate — they only guarantee encryption. Node's pg can't do the "try TLS, fall back to plaintext" dance that prefer implies, so both collapse to: encrypted connection, no certificate verification.

2. sslConfigFromConnectionString.ts:57 — The error message still lists disable, require, verify-ca, or verify-full but should now include prefer since it's a supported value.

Neither is blocking. 🚢