feat: v1.0.0 — UX polish, security hardening, code quality

UI/UX:
- Bill detail page tab UI (Analysis / Timeline / Votes / Notes)
- Topic tag pills on bill detail and listing pages — filtered to known
  topics, clickable, properly labelled via shared lib/topics.ts
- Notes panel always-open in Notes tab; sign-in prompt for guests
- Collapsible sidebar with icon-only mode and localStorage persistence
- Bills page defaults to has-text filter enabled
- Follow mode dropdown transparency fix
- Favicon (Landmark icon, blue background)

Security:
- Fernet encryption for ntfy passwords at rest (app/core/crypto.py)
- Separate ENCRYPTION_SECRET_KEY env var; falls back to JWT derivation
- ntfy_password no longer returned in GET response — replaced with
  ntfy_password_set: bool; NotificationSettingsUpdate type for writes
- JWT_SECRET_KEY fail-fast on startup if using default placeholder
- get_optional_user catches (JWTError, ValueError) only, not Exception

Bug fixes & code quality:
- Dashboard N+1 topic query replaced with single OR query
- notification_utils.py topic follower N+1 replaced with batch query
- Note query in bill detail page gated on token (enabled: !!token)
- search.py max_length=500 guard against oversized queries
- CollectionCreate.validate_name wired up with @field_validator
- LLM_RATE_LIMIT_RPM default raised from 10 to 50

Authored by: Jack Levy

frontend/app/notifications/page.tsx

@@ -297,7 +297,7 @@ export default function NotificationsPage() {
     setAuthMethod(settings.ntfy_auth_method ?? "none");
     setToken(settings.ntfy_token ?? "");
     setUsername(settings.ntfy_username ?? "");
-    setPassword(settings.ntfy_password ?? "");
+    setPassword(""); // never pre-fill — password_set bool shows whether one is stored
     setEmailAddress(settings.email_address ?? "");
     setEmailEnabled(settings.email_enabled ?? false);
     setDigestEnabled(settings.digest_enabled ?? false);
@@ -333,7 +333,7 @@ export default function NotificationsPage() {
         ntfy_auth_method: authMethod,
         ntfy_token: authMethod === "token" ? token : "",
         ntfy_username: authMethod === "basic" ? username : "",
-        ntfy_password: authMethod === "basic" ? password : "",
+        ntfy_password: authMethod === "basic" ? (password || undefined) : "",
         ntfy_enabled: enabled,
       },
       { onSuccess: () => { setNtfySaved(true); setTimeout(() => setNtfySaved(false), 2000); } }
@@ -565,7 +565,9 @@ export default function NotificationsPage() {
                 </div>
                 <div className="space-y-1.5">
                   <label className="text-sm font-medium">Password</label>
-                  <input type="password" placeholder="your-password" value={password}
+                  <input type="password"
+                    placeholder={settings?.ntfy_password_set && !password ? "••••••• (saved — leave blank to keep)" : "your-password"}
+                    value={password}
                     onChange={(e) => setPassword(e.target.value)}
                     className="w-full px-3 py-2 text-sm bg-background border border-border rounded-md focus:outline-none focus:ring-1 focus:ring-primary" />
                 </div>