Drexo v0.2.1 — Sharing fixes + Inbox retirement

Post-login redirect loop fixed, dashboard page crash fixed, tenant Inbox retired in favour of /partages.

Stabilisation release following v0.2.0. Three bugs found after the unified-sharing rollout, plus a UX cleanup aligned with the new architecture.

Fixes

/ ↔ /login redirect loop after login. An RLS policy inadvertently added to personal_dashboards queried share_grants (itself RLS-gated), causing infinite recursion (42P17). The Supabase JS SDK swallowed the error as data: null, and the / page silently fell through to its "redirect to /login" fallback instead of opening the dashboard. Migration 0079 restores the owner-only policy; share recipients still see shared dashboards via the get_dashboard_for_view RPC (SECURITY DEFINER, RLS- bypassing).
Session cookies not set on the /auth/confirm redirect (magic link + Google/Microsoft OAuth). Next 16 doesn't auto-merge cookies written via next/headers cookies() into a manually-constructed NextResponse.redirect(). The auth route handlers now capture cookies into a local list and explicitly attach them via response.cookies.set() before returning.
Dashboard page crash on login. The list_dashboard_share_grants RPC added in Priority A declared an id uuid column in its returns table (…) clause, creating an ambiguous reference with personal_dashboards.id in the function body (42702). Every /dashboards/<id> render rejected its parallel fetch. Fixed by qualifying the column reference (pd.id instead of bare id).
Hourly-heatmap colour ceiling — pinned to the per-meter 90-day peak instead of a global cap, as promised by v0.2.0 but regressed during the same cycle. Restored.

The tenant Inbox is retired (migration 0080). Previously the left rail rendered an amber "Inbox" folder under each organisation, collecting both tenant-owned unplaced devices and devices shared TO the organisation without placement. Both flows are now covered by the new architecture:
- Shared devices — /partages → "Shared zones with me" → expand zone → "Place in my tree" button on each device.
- Owned unplaced devices — /settings/org/<slug>/locations (the tree editor) or the placement editor on /devices/<id>.
Keeping the Inbox duplicated these surfaces and confused the recipient flow.

No manual action required. Migrations 0079 (RLS recursion revert) and 0080 (Inbox retirement) are backwards-compatible with the existing front-end.