v0.1.19

Changed

• Example note/tag UseCases enforce row ownership via assertResourceOwner (BOLA, FT146)
• /examples/notes and /examples/tags require Bearer auth when examples are enabled
• Repositories persist owner_id; list queries scoped to JWT sub

Added

• createResourceAccessDeniedHandler wired into example module
• Cross-user access returns 403 (not 200 leak)

Closes #98