chore: add Coolify deployment scaffolding (Dockerfiles, prod compose, git hygiene)

- apps/api/Dockerfile: build NestJS, run prisma migrate deploy on start
- apps/web/Dockerfile + nginx.conf: build Vite, serve static, proxy /api -> api
- docker-compose.coolify.yml: full prod stack (postgres, redis, minio, keycloak, api, web)
- .dockerignore / .gitignore / .gitattributes

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

apps/api/src/modules/contracts/contracts-global.controller.ts

@@ -0,0 +1,39 @@
+import { Controller, Get, Query, UseGuards, Request } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import { RolesGuard } from '../../common/guards/roles.guard';
+import { Roles } from '../../common/decorators/roles.decorator';
+import { ContractsGlobalService, ContractStatus } from './contracts-global.service';
+
+interface AuthReq extends Request { user: { id: string; role: string } }
+
+interface ContractsQuery {
+  page?: string;
+  limit?: string;
+  departmentId?: string;
+  perioada?: string;
+  status?: ContractStatus;
+  search?: string;
+}
+
+@Controller('contracts')
+@UseGuards(AuthGuard('jwt'), RolesGuard)
+export class ContractsGlobalController {
+  constructor(private readonly svc: ContractsGlobalService) {}
+
+  @Get()
+  @Roles('hr_admin', 'hr_specialist')
+  findAll(@Query() q: ContractsQuery, @Request() req: AuthReq) {
+    return this.svc.findAll(
+      {
+        page: q.page ? Number(q.page) : 1,
+        limit: q.limit ? Number(q.limit) : 50,
+        departmentId: q.departmentId,
+        perioada: q.perioada,
+        status: q.status,
+        search: q.search,
+      },
+      req.user.id,
+      req.user.role,
+    );
+  }
+}