Security hardening

- Remove OwnerUserId from BudgetDto: OIDC sub of the budget owner was
  being returned to all collaborators (including View-only users)
- Remove SharedWithUserId from ShareDto: other users' internal OIDC subs
  were visible to anyone with read access to a budget
- Delete MeController: scaffolding endpoint that returned sub to the
  browser; no legitimate frontend use case
- Restrict /healthz to require authorization: prevents unauthenticated
  probing of database connectivity
- Add input validation annotations to all request DTOs: [Required],
  [MaxLength], [Range(0,0.9999)] on EffectiveTaxRate, [EmailAddress] on
  share email — [ApiController] now returns 400 instead of 500 for
  invalid input hitting DB constraints
- Replace User.FindFirst("sub")!.Value with GetUserId() extension across
  all controllers: returns 401 instead of NullReferenceException (500)
  if a token lacks a sub claim

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/Budget.Api/DTOs/IncomeDtos.cs

@@ -1,3 +1,4 @@
+using System.ComponentModel.DataAnnotations;
 using Budget.Api.Models;
 
 namespace Budget.Api.DTOs;
@@ -12,8 +13,14 @@ public record IncomeDto(
     decimal Annually,
     int SortOrder);
 
-public record CreateIncomeRequest(string Name, Frequency Frequency, decimal Amount);
+public record CreateIncomeRequest(
+    [Required][MaxLength(200)] string Name,
+    Frequency Frequency,
+    [Range(0, 9_999_999_999_999_999.99)] decimal Amount);
 
-public record UpdateIncomeRequest(string Name, Frequency Frequency, decimal Amount);
+public record UpdateIncomeRequest(
+    [Required][MaxLength(200)] string Name,
+    Frequency Frequency,
+    [Range(0, 9_999_999_999_999_999.99)] decimal Amount);
 
-public record ReorderIncomesRequest(List<Guid> OrderedIds);
+public record ReorderIncomesRequest([Required] List<Guid> OrderedIds);