Multi-tenancy : espaces de travail + fix auth reload (rate limiter OPTIONS)

- Modèles Organization + OrgMember, migration Alembic (SQLite compatible)
- organization_id nullable sur Document, Decision, Mandate, VotingProtocol
- Service, schéma, router /organizations + dependency get_active_org_id
- Seed : Duniter G1 + Axiom Team ; tout le contenu seed attaché à Duniter G1
- Backend : list/create filtrés par header X-Organization
- Frontend : store organizations, WorkspaceSelector réel, useApi injecte l'org
- Fix critique : rate_limiter exclut les requêtes OPTIONS (CORS preflight)
  → résout le bug "Failed to fetch /auth/me" au reload (429 sur preflight)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/dependencies/org.py

@@ -0,0 +1,26 @@
+"""FastAPI dependency: resolve X-Organization header → org UUID."""
+
+from __future__ import annotations
+
+import uuid
+
+from fastapi import Depends, Header
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.database import get_db
+from app.services.org_service import get_organization_by_slug
+
+
+async def get_active_org_id(
+    x_organization: str | None = Header(default=None, alias="X-Organization"),
+    db: AsyncSession = Depends(get_db),
+) -> uuid.UUID | None:
+    """Return the UUID of the org named in the X-Organization header, or None.
+
+    None means no org filter — used for backward compat and internal tooling.
+    An unknown slug is silently treated as None (don't break the client).
+    """
+    if not x_organization:
+        return None
+    org = await get_organization_by_slug(db, x_organization)
+    return org.id if org else None