fix(audit-tier-2): error-surface hygiene — toastError + CodedError sweep

Two mechanical sweeps closing the audit's HIGH §16 + MED §11 findings:

* 38 client components / 56 toast.error sites converted to
  toastError(err) so the new admin error inspector becomes usable from
  user-reported issues — every failed inline-edit, save, send, archive,
  upload, etc. now carries the request-id + error-code (Copy ID action).
* 26 service files / 62 bare-Error throws converted to CodedError or
  the existing AppError subclasses.  Adds new error codes:
  DOCUMENSO_UPSTREAM_ERROR (502), DOCUMENSO_AUTH_FAILURE (502),
  DOCUMENSO_TIMEOUT (504), OCR_UPSTREAM_ERROR (502),
  IMAP_UPSTREAM_ERROR (502), UMAMI_UPSTREAM_ERROR (502),
  UMAMI_NOT_CONFIGURED (409), and INSERT_RETURNING_EMPTY (500) for
  post-insert returning-empty guards.
* Five vitest assertions updated to match the new user-facing wording
  (client-merge "already been merged", expense/interest "couldn't find
  that …", documenso "signing service didn't respond").

Test status: 1168/1168 vitest, tsc clean.

Refs: docs/audit-comprehensive-2026-05-05.md HIGH §16 (auditor-H Issue 1)
+ MED §11 (auditor-G Issue 1).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/lib/error-codes.ts

@@ -207,6 +207,55 @@ export const ERROR_CODES = {
     status: 403,
     userMessage: 'This request was rejected by the security check.',
   },
+
+  // ─── Upstream integrations ──────────────────────────────────────────
+  DOCUMENSO_UPSTREAM_ERROR: {
+    status: 502,
+    userMessage:
+      "The signing service didn't respond as expected. Please retry, and if it keeps happening, ping an admin.",
+    hint: 'Documenso returned a non-2xx; check Documenso health + auth.',
+  },
+  DOCUMENSO_AUTH_FAILURE: {
+    status: 502,
+    userMessage:
+      'The signing service rejected our request. An admin will need to refresh the API key.',
+    hint: 'Documenso 401/403 — API key likely revoked or rotated.',
+  },
+  DOCUMENSO_TIMEOUT: {
+    status: 504,
+    userMessage: 'The signing service is taking too long to respond. Please try again in a moment.',
+  },
+  OCR_UPSTREAM_ERROR: {
+    status: 502,
+    userMessage:
+      "The receipt scanner didn't respond as expected. Please retry, or fill the fields manually.",
+  },
+  IMAP_UPSTREAM_ERROR: {
+    status: 502,
+    userMessage:
+      "We couldn't fetch your inbox just now. Please retry, and check your IMAP credentials if it persists.",
+  },
+  UMAMI_UPSTREAM_ERROR: {
+    status: 502,
+    userMessage: "Analytics data isn't available right now. Please try again shortly.",
+  },
+  UMAMI_NOT_CONFIGURED: {
+    status: 409,
+    userMessage:
+      'Analytics has not been configured for this port. Ask an admin to set up the integration.',
+  },
+
+  // ─── Internal post-insert guards ────────────────────────────────────
+  // Surfaced as a generic "something went wrong" toast because the cause
+  // is always a programmer / DB-state issue (returning row absent after a
+  // successful insert, etc.) — the rep can't action it but support can,
+  // via the request-id lookup. Use only with `internalMessage`.
+  INSERT_RETURNING_EMPTY: {
+    status: 500,
+    userMessage:
+      'Something went wrong on our end. Please try again, and quote the error ID below if it keeps happening.',
+    hint: 'A db.insert(...).returning() came back empty — DB constraint or transaction-rollback bug.',
+  },
 } as const satisfies Record<string, ErrorCodeEntry>;
 
 export type ErrorCode = keyof typeof ERROR_CODES;