feat(analytics): persist privacy-safe role on product usage events

[kiannidev]

Fixes #249

Summary

• Adds migration 0019_product_usage_event_role.sql with an indexed role column on product_usage_events, completing the privacy-safe event shape (role, surface, event name, outcome, coarse target, occurred-at).
• Persists normalized role in recordProductUsageEvent via resolveProductUsageRole, prefers the column in daily rollup role bucketing, and sets role at MCP (miner), GitHub App, and control-panel ingestion paths.
• Tightens metadata sanitization to strip prompts, private scoreability, reviewability, farming language, and other sensitive keys/values before D1 persistence (actors remain hashed; repos/targets redacted).
• Extends test/unit/product-usage.test.ts for role persistence, MCP role inference, forbidden metadata redaction, and updated rollup cap fixtures.

Scope

• This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
• This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
• I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Validation

Verified locally with npm run test:ci on Node v24.15.0 (repo requires Node >= 22 per .nvmrc).

• git diff --check
• npm run actionlint
• npm run typecheck
• npm run test:coverage locally; global coverage stays at or above 97% for lines, statements, functions, and branches (aim for 98%+ branch coverage locally so CI variance does not fail near the threshold)
• npm run test:workers
• npm run build:mcp
• npm run test:mcp-pack
• npm run ui:openapi:check
• npm run ui:lint
• npm run ui:typecheck
• npm run ui:build
• npm audit --audit-level=moderate
• New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

• None.

Coverage summary (npm run test:coverage): statements 99.08%, branches 97.00%, functions 98.40%, lines 99.66%. test/unit/product-usage.test.ts: 21/21 passed.

Safety

• No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
• Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
• Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests.
• API/OpenAPI/MCP behavior is updated and tested where needed.
• UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks.
• Visible UI changes include screenshots or a short recording.
• Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

Notes

• Builds on the existing product_usage_events table and repository helpers from the v1 analytics foundation; does not read or write audit_events.
• Parent phase: roadmap(phase 4): adoption analytics and launch system #237. Analytics dashboard work (feat(control-panel): add usage and value analytics dashboard #134) is a separate PR.
• No UI or OpenAPI surface changes; MCP ingestion only passes role: "miner" on usage events.

[JSONbored]

@kiannidev this is ready from my pass.

A few notes:

• The role persistence is scoped cleanly across API, MCP, GitHub App, queue, and rollup paths.
• The 0019_product_usage_event_role.sql migration is correctly sequenced after current main.
• The sanitizer coverage is the important part here, and the tests cover the private metadata terms that should never persist.

No code changes requested.

Validation expected:

• Keep the current green CI.
• If another migration lands first, recheck the migration number before merge.