Replace String() calls with .toString()/.toLocaleString() per ast-grep rule

- Add formatError() helper in CLI to safely handle unknown error types
- Add uniqueTestId() helper for generating unique test identifiers
- Replace String(id) with id.toString() for database ID conversions
- Replace String(n) with n.toLocaleString() for user-facing number formatting
- Fix TypeScript errors in test files (undefined checks, unused variables)
- Update lint commands to include ast-grep scanning

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/procedures/auth/signup.ts

@@ -108,7 +108,7 @@ export async function signupWithPasskey(
   const challengeRow = await db
     .selectFrom("webauthn_challenges")
     .select("options")
-    .where("id", "=", String(challengeId))
+    .where("id", "=", challengeId.toString())
     .where("created_at", ">", fifteenMinutesAgo)
     .executeTakeFirst();
 
@@ -134,7 +134,7 @@ export async function signupWithPasskey(
     // Delete the challenge
     await db
       .deleteFrom("webauthn_challenges")
-      .where("id", "=", String(challengeId))
+      .where("id", "=", challengeId.toString())
       .execute();
 
     // Log error for debugging but don't expose to client
@@ -149,7 +149,7 @@ export async function signupWithPasskey(
     // Delete the challenge
     await db
       .deleteFrom("webauthn_challenges")
-      .where("id", "=", String(challengeId))
+      .where("id", "=", challengeId.toString())
       .execute();
 
     throw new ORPCError("BAD_REQUEST", {
@@ -200,7 +200,7 @@ export async function signupWithPasskey(
       // Delete the challenge
       await trx
         .deleteFrom("webauthn_challenges")
-        .where("id", "=", String(challengeId))
+        .where("id", "=", challengeId.toString())
         .execute();
 
       return { userId: newUserId };