chore(ci): add type-check workflow

[Uarmagan]

Summary

This adds a dedicated type-check job to the existing unit-test GitHub Actions workflow, so bun run type-check is enforced by CI instead of only being a local/manual check.

The root type-check was not clean on origin/main, so this PR also tightens the root TypeScript config and fixes the few source issues that blocked it from becoming a reliable CI gate.

After opening the PR, CI also exposed an e2e flake in the OAuth sidebar connection-status test: Playwright hit a native JavaScript dialog while the page/session was closing and reported Page.handleJavaScriptDialog. This PR now makes the OAuth e2e harness neutralize native dialogs during those mocked OAuth tests, and enables CI-only Playwright retries so transient browser/session flakes get another attempt without changing local fail-fast behavior.

What changed

• Added a separate type-check job to .github/workflows/test-unit.yml.
• The new job mirrors the existing unit-test setup:
  • checkout
  • Node 24
  • Bun 1.2.18
  • Bun dependency cache
  • bun install --frozen-lockfile
  • bun run type-check
• Updated the root TypeScript config so the root no-emit check focuses on source files, while package test runners remain responsible for test files.
• Made runtime globals explicit for TypeScript by including Bun, Jest, and Node types.
• Updated the root compiler target/module to handle current Bun scripts and import.meta usage.
• Removed stale TypeScript suppressions that are no longer needed.
• Cleaned up a couple of migration-script typing issues so the source check passes without weakening the check.
• Hardened the OAuth e2e test setup against native alert/confirm/prompt dialogs.
• Added CI-only Playwright retries; local e2e runs still use zero retries.

Why

The TypeScript upgrade showed that CI did not currently prove the repo type-checks. Package tests are useful, but they do not catch the same class of compiler/configuration issues. This makes type-checking a first-class CI signal going forward.

The OAuth e2e update keeps mocked OAuth tests focused on app state instead of failing on browser dialog plumbing during CI teardown.

Validation

• bun run type-check passed.
• bun run test:scripts passed.
• bun run test:backend passed when run by itself.
• bun run lint exited successfully with the existing repo warning backlog.
• bun run format:check completed without changes.
• git diff --check passed.
• bunx playwright test e2e/oauth --project=chromium-desktop --repeat-each=5 passed: 70/70.
• CI=1 bun run test:e2e passed locally: 30 passed, 3 skipped.

Note

I initially ran backend and scripts tests at the same time locally and backend hit the known local Mongo test harness collision around globalConfig.json. Rerunning backend by itself passed, and CI runs jobs in isolated runners.