feat(website-intake): dual-write endpoint + migration chain repair

Adds website_submissions table + shared-secret POST endpoint so the
marketing site can dual-write inquiries alongside its NocoDB write.
Race-safe via INSERT ... ON CONFLICT, idempotent on submission_id,
refuses every request when WEBSITE_INTAKE_SECRET is unset. Also
repairs pre-existing 0020/0021/0022 prevId collision (renumbered +
journal re-sorted) so db:generate works again. 11 unit tests.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/lib/db/schema/index.ts

@@ -37,7 +37,7 @@ export * from './portal';
 // CRM admin invites (better-auth realm)
 export * from './crm-invites';
 
-// Residential (parallel domain — separate clients & interests for the
+// Residential (parallel domain - separate clients & interests for the
 // external residential team)
 export * from './residential';
 
@@ -56,8 +56,11 @@ export * from './ai-usage';
 // GDPR export tracking (Phase 3d)
 export * from './gdpr';
 
-// Migration ledger (one-shot scripts — NocoDB import etc.)
+// Migration ledger (one-shot scripts - NocoDB import etc.)
 export * from './migration';
 
-// Relations (must come last — references all tables)
+// Website submissions (dual-write capture from the marketing site)
+export * from './website-submissions';
+
+// Relations (must come last - references all tables)
 export * from './relations';