fix(audit-tier-2): error-surface hygiene — toastError + CodedError sweep

Two mechanical sweeps closing the audit's HIGH §16 + MED §11 findings:

* 38 client components / 56 toast.error sites converted to
  toastError(err) so the new admin error inspector becomes usable from
  user-reported issues — every failed inline-edit, save, send, archive,
  upload, etc. now carries the request-id + error-code (Copy ID action).
* 26 service files / 62 bare-Error throws converted to CodedError or
  the existing AppError subclasses.  Adds new error codes:
  DOCUMENSO_UPSTREAM_ERROR (502), DOCUMENSO_AUTH_FAILURE (502),
  DOCUMENSO_TIMEOUT (504), OCR_UPSTREAM_ERROR (502),
  IMAP_UPSTREAM_ERROR (502), UMAMI_UPSTREAM_ERROR (502),
  UMAMI_NOT_CONFIGURED (409), and INSERT_RETURNING_EMPTY (500) for
  post-insert returning-empty guards.
* Five vitest assertions updated to match the new user-facing wording
  (client-merge "already been merged", expense/interest "couldn't find
  that …", documenso "signing service didn't respond").

Test status: 1168/1168 vitest, tsc clean.

Refs: docs/audit-comprehensive-2026-05-05.md HIGH §16 (auditor-H Issue 1)
+ MED §11 (auditor-G Issue 1).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/lib/services/notes.service.ts

@@ -6,7 +6,7 @@ import { interestNotes, interests } from '@/lib/db/schema/interests';
 import { yachtNotes, yachts } from '@/lib/db/schema/yachts';
 import { companyNotes, companies } from '@/lib/db/schema/companies';
 import { userProfiles } from '@/lib/db/schema/users';
-import { NotFoundError, ValidationError } from '@/lib/errors';
+import { CodedError, NotFoundError, ValidationError } from '@/lib/errors';
 import type { CreateNoteInput, UpdateNoteInput } from '@/lib/validators/notes';
 
 const EDIT_WINDOW_MS = 15 * 60 * 1000; // 15 minutes
@@ -141,7 +141,10 @@ export async function create(
       .insert(yachtNotes)
       .values({ yachtId: entityId, authorId, content: data.content })
       .returning();
-    if (!note) throw new Error('Insert failed');
+    if (!note)
+      throw new CodedError('INSERT_RETURNING_EMPTY', {
+        internalMessage: 'Yacht note insert returned no row',
+      });
     const profile = await db
       .select({ displayName: userProfiles.displayName })
       .from(userProfiles)
@@ -154,7 +157,10 @@ export async function create(
       .insert(companyNotes)
       .values({ companyId: entityId, authorId, content: data.content })
       .returning();
-    if (!note) throw new Error('Insert failed');
+    if (!note)
+      throw new CodedError('INSERT_RETURNING_EMPTY', {
+        internalMessage: 'Company note insert returned no row',
+      });
     const profile = await db
       .select({ displayName: userProfiles.displayName })
       .from(userProfiles)
@@ -168,7 +174,10 @@ export async function create(
       .values({ clientId: entityId, authorId, content: data.content })
       .returning();
 
-    if (!note) throw new Error('Insert failed');
+    if (!note)
+      throw new CodedError('INSERT_RETURNING_EMPTY', {
+        internalMessage: 'Client note insert returned no row',
+      });
 
     const profile = await db
       .select({ displayName: userProfiles.displayName })
@@ -204,7 +213,10 @@ export async function create(
       .values({ interestId: entityId, authorId, content: data.content })
       .returning();
 
-    if (!note) throw new Error('Insert failed');
+    if (!note)
+      throw new CodedError('INSERT_RETURNING_EMPTY', {
+        internalMessage: 'Interest note insert returned no row',
+      });
 
     const profile = await db
       .select({ displayName: userProfiles.displayName })
@@ -235,7 +247,9 @@ export async function create(
 
     return { ...note, authorName };
   }
-  throw new Error(`Unsupported entityType: ${entityType as string}`);
+  throw new CodedError('INTERNAL', {
+    internalMessage: `Unsupported entityType: ${entityType as string}`,
+  });
 }
 
 export async function update(