feat(api): replace api-notion-fetch with api-native fetch jobs (#143)

* ci(workflows): enforce content-branch sync and smarter deploy trigger

Sync content with origin/main before any generated-content commit in
clean-content and translate-docs workflows. Replace workflow_run trigger
in deploy-staging with push-based detection on content/main branches,
adding bash logic to skip deploys when no relevant paths changed.
Also fix fromJSON string workarounds in translate-docs with format().

* feat(api): implement fetch-ready/fetch-all runtime contracts and safety semantics

* ci(workflows): add api-validate workflow and remove legacy api-notion-fetch

* docs(fetch): document api-native fetch model and rollout validation

* fix(ci): harden api-validate auth handling

* fix(ci): set content-repo env for api-validate workflow

* fix(api-server): address codex review feedback

- Skip auth for OPTIONS requests to allow CORS preflight without credentials
- Track ready-to-publish pages for status transitions before child replacement
- Fix bun.lock pattern in Dockerfile (bun.lockb* → bun.lock*)

Fixes P1: CORS preflight receiving 401 instead of 204
Fixes P1: Empty transitionCandidates when children replace parents
Fixes P2: Missing lockfile in Docker builds

* fix(api-server): address more codex review feedback

- Use config.contentBranch instead of hardcoded "content" in git fetch
- Add withTimeout wrapper to enforce timeout during Notion fetch phase

Fixes P1: prepareContentBranchForFetch fails when GITHUB_CONTENT_BRANCH is non-default
Fixes P1: fetchAllNotionData ignores JOB_TIMEOUT_MS when Notion API stalls

* fix(api-server): track ready-to-publish pages for status transitions correctly

* fix(api-server): correct fetch-ready transition logic and stabilize tests

- Modified fetchAllNotionData to return candidateIds (original 'Ready to publish' IDs)
- Updated fetch-job-runner to use candidateIds for transitions, ensuring parents are transitioned even if replaced by children
- Fixed memory leak in withTimeout by clearing the timer
- Stabilized persistence tests by adding waitForPendingWrites() before tracker destruction
- Fixed out-of-sync API documentation validation tests
- Prevented environment variable interference in auth tests by clearing keys in beforeEach
- Allowed fallback values in GitHub Actions secret handling tests
- Made log rotation tests async and properly awaited persistence calls

* fix(api-server): handle job aborts correctly on server restart

This addresses PR 143 review feedback by replacing UNKNOWN with SERVER_RESTART_ABORT, handling in-flight state gracefully, and documenting API fetching mechanics.

* fix(api-server): handle edge cases, enhance error handling and validation

Author: luandro