feat: Member permissions, optional phone, public users endpoint

- Allow members to create todos, companies, projects
- Auto-assign creator to resources (companyUsers, projectUsers, todoUsers)
- Add public /api/users endpoint for all authenticated users
- Make phone field optional in personal contacts (schema + validation)
- Update todo routes to use checkTodoAccess for updates

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/services/todo.service.js

@@ -207,6 +207,16 @@ export const createTodo = async (userId, data) => {
     await db.insert(todoUsers).values(todoUserInserts);
   }
 
+  // Auto-assign the creator to the todo so they can access it (if not already assigned)
+  const creatorAlreadyAssigned = assignedUserIds && assignedUserIds.includes(userId);
+  if (!creatorAlreadyAssigned) {
+    await db.insert(todoUsers).values({
+      todoId: newTodo.id,
+      userId: userId,
+      assignedBy: userId,
+    });
+  }
+
   return newTodo;
 };