Security: Roll out RLS session context to all server actions

The infrastructure for RLS session context is now in place (see migration 0008). 

We need to update all server actions that interact with user-scoped data to use the `withUserContext` helper.

### Tasks
- [ ] Audit all server actions in `src/server/actions`
- [ ] Update `createIssue`, `updateProfile`, etc. to use `withUserContext`
- [ ] Verify RLS enforcement for each action