Refactor notification authorization to use membership repositories

[MarkADom]

Motivation

• Move all contextual authorization checks in notifications off aggregate collection traversal and onto membership repository lookups to centralize and speed authorization decisions.
• Preserve existing controller contracts, transactional boundaries, and domain aggregate collections while avoiding repository injection into controllers.

Description

• Replaced checks against board.members, project.projectMembers, and task.members in NotificationService with repository calls to existsByBoardIdAndUserId, existsByProjectIdAndUserId, and existsByTaskIdAndUserId respectively.
• Injected BoardMemberRepository, ProjectMemberRepository, and TaskMemberRepository into NotificationService and used actor id lookups for repository-based authorization while keeping aggregates intact.
• Updated NotificationServiceTest to mock the new member repositories, adapt board/project/task test fixtures, and add verifications that the membership repository methods are invoked for authorization.
• No controller signatures were changed and transactional behavior was left unchanged.

Testing

• Updated unit tests: NotificationServiceTest now includes mocks for BoardMemberRepository, ProjectMemberRepository, and TaskMemberRepository and asserts repository method calls for board/project/task authorization; these test changes are committed.
• Attempted to run the targeted service tests locally, but test execution was blocked by the environment failing to resolve an external Gradle plugin (io.gitlab.arturbosch.detekt), so automated runs did not complete.
• The test modifications are structured to be runnable in CI or a local environment with normal Gradle plugin resolution and should pass once dependencies can be resolved.

---

Codex Task