Commit b63c7d3
test(security): add 18 CLI endpoint IDOR security tests
Comprehensive security tests for every API endpoint the stacker CLI hits:
- list projects: user isolation (3 vs 1), unauthenticated rejected
- list clouds: user isolation, cross-user GET rejected
- list servers: user isolation, cross-user GET rejected
- list deployments: user isolation, cross-user by-hash/by-id rejected
- deploy: cross-user project rejected, cross-user cloud creds rejected
- destroy: cross-user force-complete rejected, owner allowed
- enqueue command: cross-user deployment rejected
- delete project/cloud/server: cross-user rejected
- unauthenticated access: all list endpoints reject
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 70acf56 commit b63c7d3
1 file changed
Lines changed: 574 additions & 0 deletions