Refactor event handling and improve synchronization mechanisms

[getBoolean]

No description provided.

[cursor]

PR Summary

Medium Risk
Schema migrations and event-sync locking affect core event/queue behavior on deploy; production runs as non-root and compose resource limits could affect behavior on a small VPS if mis-tuned.

Overview
Adds SQLite migrations for event sync coordination and safer multi-tenant room handling: event_sync_lock (per guild/event) and guild_id plus composite indexes on event_occurrence_room_ping / event_occurrence_room_pull, with backfill from occurrences.

Production and deploy changes run the app container as the node user, exclude .env from the Docker build context, inject GHCR_IMAGE into server .env, pipe GHCR_PULL_TOKEN to docker login --password-stdin over SSH (not embedded in remote commands), and tune docker-compose.app.yml (configurable image, no stdin/tty, CPU/memory limits). Cloud-init installs fail2ban for sshd; INFRA.md documents single-instance SQLite expectations, optional SSH_ALLOW_IPS, and related ops notes.

Minor: Dependabot npm open-pull-requests-limit raised to 5; eslint relaxes a few rules; README-dev documents dual schedulers.

^{Reviewed by Cursor Bugbot for commit d9d703a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_9a1d7ed1-3f82-45aa-8961-ea1a3f466998)