backend: GDPR export + retention cleanups + worker metrics (BE-1/2/3)

BE-3 observability: expose the worker's Prometheus metrics on :6060/metrics
(apns/fcm/asynq histograms + a new cache_ops_total counter were recorded all
along but never scraped — which is why those dashboard panels read empty); add
the worker containerPort, the vmagent worker scrape job, and two additive
NetworkPolicies. Instrument cache Get/Set hit/miss.

BE-2 retention: three periodic Asynq cleanup crons mirroring the reminder-log
cleanup — notifications (90d), webhook dedup log (180d), audit_log (365d).

BE-1 GDPR data export: POST /api/auth/export/ enqueues a low-priority Asynq job
that gathers all of the user's data (owned residences + their tasks/contractors/
documents/share-codes, plus profile/notifications/prefs/push-tokens/subscription/
audit log), zips one JSON file per category, and emails it as an attachment.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

internal/router/router.go

@@ -270,6 +270,9 @@ func SetupRouter(deps *Dependencies) *echo.Echo {
 	authHandler := handlers.NewAuthHandler(authService, deps.EmailService, deps.Cache)
 	authHandler.SetStorageService(deps.StorageService)
 	authHandler.SetAuditService(auditService)
+	if deps.TaskEnqueuer != nil {
+		authHandler.SetEnqueuer(deps.TaskEnqueuer)
+	}
 	userHandler := handlers.NewUserHandler(userService)
 	residenceHandler := handlers.NewResidenceHandler(residenceService, deps.PDFService, deps.EmailService, cfg.Features.PDFReportsEnabled)
 	taskHandler := handlers.NewTaskHandler(taskService, deps.StorageService)
@@ -559,6 +562,7 @@ func setupProtectedAuthRoutes(api *echo.Group, authHandler *handlers.AuthHandler
 		auth.PUT("/profile/", authHandler.UpdateProfile)
 		auth.PATCH("/profile/", authHandler.UpdateProfile)
 		auth.DELETE("/account/", authHandler.DeleteAccount)
+		auth.POST("/export/", authHandler.ExportData)
 	}
 }