Add timezone-aware overdue task detection

Fix issue where tasks showed as "Overdue" on the server while displaying
"Tomorrow" on the client due to timezone differences between server (UTC)
and user's local timezone.

Changes:
- Add X-Timezone header support to extract user's timezone from requests
- Add TimezoneMiddleware to parse timezone and calculate user's local "today"
- Update task categorization to accept custom time for accurate date comparisons
- Update repository, service, and handler layers to pass timezone-aware time
- Update CORS to allow X-Timezone header

The client now sends the user's IANA timezone (e.g., "America/Los_Angeles")
and the server uses it to determine if a task is overdue based on the
user's local date, not UTC.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/router/router.go

@@ -172,6 +172,7 @@ func SetupRouter(deps *Dependencies) *gin.Engine {
 		// Protected routes (auth required)
 		protected := api.Group("")
 		protected.Use(authMiddleware.TokenAuth())
+		protected.Use(middleware.TimezoneMiddleware())
 		{
 			setupProtectedAuthRoutes(protected, authHandler)
 			setupResidenceRoutes(protected, residenceHandler)
@@ -202,7 +203,7 @@ func corsMiddleware(cfg *config.Config) gin.HandlerFunc {
 	return cors.New(cors.Config{
 		AllowAllOrigins:  true,
 		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
-		AllowHeaders:     []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With"},
+		AllowHeaders:     []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With", "X-Timezone"},
 		ExposeHeaders:    []string{"Content-Length"},
 		AllowCredentials: false, // Must be false when AllowAllOrigins is true
 		MaxAge:           12 * time.Hour,