feat(backend): Add database initialization and seed data scripts (Phase 3)

Implemented complete database initialization and seed data system for Docker development environment.

Changes:
- Enhanced init-db.sql with PostgreSQL extensions (uuid-ossp, pg_trgm, btree_gin)
- Created seed-data.sql with demo tenant, users, project, epics, stories, and tasks
- Updated docker-compose.yml to mount both initialization scripts
- Added DEMO-ACCOUNTS.md documentation with credentials and testing guide
- Added test-db-init.ps1 PowerShell script for testing initialization

Features:
- Automatic demo data creation on first startup
- 2 demo users (Owner and Developer with Demo@123456 password)
- 1 demo project with realistic Epic/Story/Task hierarchy
- Idempotent seed data (checks if data exists before inserting)
- Multi-tenant structure with proper TenantId isolation
- Detailed logging and error handling

Demo Accounts:
- owner@demo.com / Demo@123456 (Owner role)
- developer@demo.com / Demo@123456 (Member role)

Demo Project Data:
- Tenant: Demo Company
- Project: DEMO - Demo Project
- Epic: User Authentication System
- 2 Stories (Login Page, Registration Feature)
- 7 Tasks (various statuses: Done, InProgress, Todo)

Testing:
- Run: .\scripts\test-db-init.ps1
- Or: docker-compose down -v && docker-compose up -d

Documentation: See scripts/DEMO-ACCOUNTS.md for full details

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

scripts/DEMO-ACCOUNTS.md

@@ -0,0 +1,307 @@
+# ColaFlow Demo Accounts
+
+## Overview
+
+When you start the ColaFlow development environment using Docker Compose, demo accounts and sample data are automatically created for testing and development purposes.
+
+## Demo Tenant
+
+**Tenant Name:** Demo Company
+**Tenant Slug:** demo-company
+**Plan:** Professional
+**Status:** Active
+
+### Tenant Limits
+- Max Users: 50
+- Max Projects: 100
+- Max Storage: 100 GB
+
+---
+
+## User Accounts
+
+### Owner Account
+
+**Purpose:** Full administrative access to the tenant
+
+| Field | Value |
+|-------|-------|
+| Email | owner@demo.com |
+| Password | Demo@123456 |
+| Full Name | John Owner |
+| Role | Owner |
+| Status | Active |
+| Email Verified | Yes |
+
+**Permissions:**
+- Full tenant administration
+- Create/delete projects
+- Manage users and roles
+- View audit logs
+- Configure tenant settings
+
+---
+
+### Developer Account
+
+**Purpose:** Standard member account for testing member-level features
+
+| Field | Value |
+|-------|-------|
+| Email | developer@demo.com |
+| Password | Demo@123456 |
+| Full Name | Jane Developer |
+| Role | Member |
+| Status | Active |
+| Email Verified | Yes |
+
+**Permissions:**
+- Create and edit projects (where assigned)
+- Create/edit/delete stories and tasks
+- View projects and reports
+- Update profile settings
+
+---
+
+## Demo Project Data
+
+### Project: Demo Project
+
+**Project Key:** DEMO
+**Status:** Active
+**Owner:** John Owner (owner@demo.com)
+
+#### Epic: User Authentication System
+
+**Status:** InProgress
+**Priority:** High
+**Description:** Implement a complete user authentication system with login, registration, password reset, and email verification features.
+
+---
+
+### Stories
+
+#### Story 1: Login Page Implementation
+
+**Status:** InProgress
+**Priority:** High
+**Assignee:** Jane Developer
+**Estimated Hours:** 16.0
+**Description:** As a user, I want to log in with my email and password, so that I can access my account securely.
+
+**Tasks:**
+1. Design login form UI - Done (3.5h / 4h estimated)
+2. Implement login API endpoint - InProgress (5h / 8h estimated)
+3. Add client-side form validation - Todo (2h estimated)
+4. Write unit tests for auth service - Todo (4h estimated)
+
+---
+
+#### Story 2: User Registration Feature
+
+**Status:** Todo
+**Priority:** High
+**Assignee:** Jane Developer
+**Estimated Hours:** 20.0
+**Description:** As a new user, I want to register an account with email verification, so that I can start using the platform.
+
+**Tasks:**
+1. Design registration form - Todo (6h estimated)
+2. Implement email verification flow - Todo (8h estimated)
+3. Add password strength indicator - Todo (3h estimated)
+
+---
+
+## Quick Start Guide
+
+### 1. Start the Development Environment
+
+```powershell
+# Windows
+docker-compose up -d
+
+# Linux/Mac
+docker-compose up -d
+```
+
+### 2. Wait for Services to be Ready
+
+The first startup may take 1-2 minutes as it:
+- Pulls Docker images
+- Runs database migrations
+- Creates demo data
+
+Check status:
+```powershell
+docker-compose ps
+docker-compose logs backend
+```
+
+### 3. Access the Application
+
+**Frontend:** http://localhost:3000
+**Backend API:** http://localhost:5000
+**Swagger Docs:** http://localhost:5000/swagger
+
+### 4. Login with Demo Accounts
+
+1. Navigate to http://localhost:3000
+2. Click "Login"
+3. Use one of the demo accounts above
+4. Explore the demo project and data
+
+---
+
+## Testing Scenarios
+
+### Scenario 1: Owner Capabilities
+
+Login as `owner@demo.com`:
+1. View all projects
+2. Create a new project
+3. Assign team members
+4. View audit logs
+5. Manage tenant settings
+
+### Scenario 2: Member Capabilities
+
+Login as `developer@demo.com`:
+1. View assigned projects
+2. Create/edit stories and tasks
+3. Update task status
+4. Track time spent
+5. Add comments (if implemented)
+
+### Scenario 3: Multi-Tenant Isolation
+
+1. Login as owner@demo.com
+2. Create another tenant (if registration is enabled)
+3. Verify you cannot see Demo Company data in the new tenant
+4. Test tenant-level data isolation
+
+---
+
+## Resetting Demo Data
+
+### Option 1: Full Reset (Recommended)
+
+This deletes all data and recreates demo accounts:
+
+```powershell
+# Stop containers and delete volumes
+docker-compose down -v
+
+# Restart (will recreate demo data)
+docker-compose up -d
+```
+
+### Option 2: Database Only Reset
+
+Keep images but reset database:
+
+```powershell
+# Remove postgres volume
+docker volume rm product-master_postgres_data
+
+# Restart postgres
+docker-compose up -d postgres
+```
+
+### Option 3: Manual Reset via SQL
+
+```sql
+-- Connect to database
+docker exec -it colaflow-postgres psql -U colaflow -d colaflow
+
+-- Drop all data (CAUTION: This deletes everything)
+DROP SCHEMA identity CASCADE;
+DROP SCHEMA project_management CASCADE;
+
+-- Exit and restart to recreate
+\q
+docker-compose restart backend
+```
+
+---
+
+## Troubleshooting
+
+### Issue: Demo accounts not created
+
+**Symptoms:** Cannot login with demo accounts
+
+**Solution:**
+1. Check database logs: `docker-compose logs postgres`
+2. Verify EF Core migrations ran: `docker-compose logs backend | grep -i migration`
+3. Manually run seed script:
+   ```powershell
+   docker exec -it colaflow-postgres psql -U colaflow -d colaflow -f /docker-entrypoint-initdb.d/02-seed-data.sql
+   ```
+
+### Issue: Seed data script fails
+
+**Symptoms:** Errors in postgres logs about missing tables
+
+**Solution:**
+Seed data script runs AFTER migrations. Ensure migrations completed:
+```powershell
+docker-compose exec backend dotnet ef database update
+```
+
+### Issue: Password not working
+
+**Symptoms:** "Invalid credentials" error
+
+**Solution:**
+1. Verify you're using the correct password: `Demo@123456` (case-sensitive)
+2. Check if password hashing is configured correctly in backend
+3. Manually update password hash if needed:
+   ```sql
+   UPDATE identity.users
+   SET password_hash = '$2a$11$NEW_HASH_HERE'
+   WHERE email = 'owner@demo.com';
+   ```
+
+### Issue: "Tenant not found" error
+
+**Symptoms:** 404 or tenant-related errors
+
+**Solution:**
+1. Check if tenant was created: `SELECT * FROM identity.tenants;`
+2. Verify TenantId matches in users table
+3. Re-run seed data script after fixing migrations
+
+---
+
+## Production Deployment Notes
+
+**WARNING:** The demo accounts are for development use only!
+
+Before deploying to production:
+
+1. **Remove seed-data.sql volume mount** from docker-compose.yml
+2. **Change all passwords** to strong, unique passwords
+3. **Disable automatic account creation**
+4. **Enable email verification** for all new accounts
+5. **Configure proper SSL/TLS** for HTTPS
+6. **Use environment variables** for sensitive data (not hardcoded)
+7. **Enable rate limiting** on authentication endpoints
+8. **Set up monitoring** and alerting
+9. **Regular backups** of production database
+10. **Security audit** before going live
+
+---
+
+## Support
+
+**Issues or Questions?**
+- Check project documentation: `docs/`
+- Review Docker logs: `docker-compose logs`
+- Open an issue on GitHub
+- Contact the development team
+
+---
+
+**Last Updated:** 2025-11-04
+**Version:** 1.0
+**Maintainer:** ColaFlow Backend Team