Multi-tenancy : espaces de travail + fix auth reload (rate limiter OPTIONS)

- Modèles Organization + OrgMember, migration Alembic (SQLite compatible)
- organization_id nullable sur Document, Decision, Mandate, VotingProtocol
- Service, schéma, router /organizations + dependency get_active_org_id
- Seed : Duniter G1 + Axiom Team ; tout le contenu seed attaché à Duniter G1
- Backend : list/create filtrés par header X-Organization
- Frontend : store organizations, WorkspaceSelector réel, useApi injecte l'org
- Fix critique : rate_limiter exclut les requêtes OPTIONS (CORS preflight)
  → résout le bug "Failed to fetch /auth/me" au reload (429 sur preflight)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/models/mandate.py

@@ -15,6 +15,7 @@ class Mandate(Base):
     description: Mapped[str | None] = mapped_column(Text)
     mandate_type: Mapped[str] = mapped_column(String(64), nullable=False)  # techcomm, smith, custom
     status: Mapped[str] = mapped_column(String(32), default="draft")  # draft, candidacy, voting, active, reporting, completed, revoked
+    organization_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("organizations.id"), nullable=True, index=True)
     mandatee_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("duniter_identities.id"))
     decision_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("decisions.id"))
     starts_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))