Tech Story: Eliminate TypeScript `any` types across backend and frontend

[GitAddRemote]

Tech Story

As a platform engineer, I want all explicit and implicit any types replaced with proper TypeScript types so that the compiler can catch type errors at the boundaries where security-sensitive data flows (JWT payloads, request objects, auth guards).

Context

Audit found any types concentrated in auth-critical code paths:

• auth.service.ts: validateUser(): Promise<any>, login(user: any)
• jwt.strategy.ts: validate(payload: any)
• auth.controller.ts: @Request() req: any on refresh, logout, change-password
• org-inventory.controller.ts: @Request() req: any, @Query() query: Record<string, any>
• base-uex.repository.ts: multiple as any casts
• audit-log.entity.ts / audit-logs.service.ts: Record<string, any> on metadata columns
• http-exception.filter.ts, audit-log.interceptor.ts: assorted any casts

Acceptance Criteria

• A JwtPayload interface defined and used in JwtStrategy.validate() and AuthService.login()
• An AuthenticatedRequest interface (extending Express Request) used in place of req: any in all controllers
• OrgInventoryController query params typed with a proper DTO class
• AuditLog metadata columns typed as Record<string, unknown>
• base-uex.repository.ts as any casts replaced with typed generics or explicit interfaces
• pnpm typecheck passes with zero errors
• ESLint @typescript-eslint/no-explicit-any rule enabled and passing

Technical Elaboration

Add to auth/interfaces/:

• jwt-payload.interface.ts: { sub: number; username: string; iat?: number; exp?: number }
• authenticated-request.interface.ts: extends Express Request with user: { userId: number; username: string }

Enable @typescript-eslint/no-explicit-any: 'error' in ESLint config once all instances resolved.

Notes

• Each file fixed should be a separate commit for easy review
• Some TypeORM/Passport internals may require unknown + narrowing rather than a direct type