Implements proper atproto label structure with optional 'neg' field for negating labels.
This fixes client-supplied labels being dropped and ensures full round-trip compatibility.

Changes:
- Add SelfLabels and SelfLabel structs per com.atproto.label.defs spec
- SelfLabel includes Val (required) and Neg (optional bool pointer) fields
- Update CreatePostRequest.Labels from []string to *SelfLabels
- Update PostRecord.Labels to structured format
- Update validation logic to iterate over Labels.Values
- Update jetstream consumer to use structured labels

Before: Labels were []string, breaking in 3 ways:
1. Client-supplied structured labels ignored (JSON decoder drops object)
2. PDS rejects unknown contentLabels array field
3. Jetstream consumer marshals incorrectly

After: Full com.atproto.label.defs#selfLabels support with neg field preservation.

Migrates lexicon schemas from social.coves.post.* to social.coves.community.post.*
to better reflect atProto architecture where posts are records in community repositories.

Changes:
- Move post schemas to social.coves.community.post namespace
- Update cross-references in feed/defs.json and embed/post.json
- Update validation tool to handle defs-only files (skip #main validation)
- Add skip logic for *.defs files in lexicon tests
- Remove old social.coves.post/* schemas

This aligns with atProto best practices for community-based content organization.

Apply code quality improvements from golangci-lint and gofumpt:

Struct Memory Optimization:
- Reorder fields in Aggregator and Authorization structs for better
memory alignment (reduces padding, improves cache locality)

Import Grouping:
- Standardize import order: Coves packages first, then stdlib
- Affected: discover_test.go, timeline_test.go

Dev Environment Support:
- Allow HTTP issuers in JWT validation when IS_DEV_ENV=true
- Enables local PDS testing at http://localhost:3001
- Production still requires HTTPS or DID issuers

Token Refresh Robustness:
- Improve expired token detection with case-insensitive matching
- Handles both "ExpiredToken" and "Token has expired" errors

Minor Cleanup:
- Remove extraneous blank lines
- Format aggregator handler imports consistently

All changes applied automatically by: make lint-fix

Fix golangci-lint errcheck violations by explicitly handling (or
ignoring) error returns from Close() operations in defer statements.

Pattern used: defer func() { _ = rows.Close() }()

This makes the intent clear that we're choosing to ignore the error
in defer context (since we're already returning an error from the
main operation if one occurred).

Fixed in:
- internal/db/postgres/vote_repo.go (2 instances)
- internal/db/postgres/vote_repo_test.go (11 instances)
- internal/db/postgres/aggregator_repo.go (5 instances)
- tests/integration/aggregator_e2e_test.go (3 instances)

All tests passing, linter clean.

Remove vote service initialization and route registration from the
AppView server. Vote endpoints are no longer exposed.

Changes:
- Remove votes package import
- Remove voteService initialization
- Remove RegisterVoteRoutes() call
- Add documentation comment explaining removal

The vote repository is still initialized for Jetstream consumer use,
but no service layer or XRPC endpoints exist.

Vote operations flow:
1. Client → PDS (com.atproto.repo.createRecord)
2. PDS → Jetstream (firehose event)
3. Jetstream → AppView consumer (indexing)
4. AppView DB (aggregated vote counts)

Remove createVote and deleteVote XRPC procedure lexicons. These
endpoints are no longer exposed by the AppView.

Clients use standard atProto repo operations instead:
- com.atproto.repo.createRecord
- com.atproto.repo.deleteRecord

Keep social.coves.interaction.vote.json (record type definition)
as it's still needed for Jetstream indexing.

Deleted:
- social.coves.interaction.createVote.json (67 lines)
- social.coves.interaction.deleteVote.json (37 lines)

Remove all vote write endpoints from the AppView. Vote creation and
deletion are now performed directly by clients at their PDS using
standard atProto repo operations.

Removed:
- POST /xrpc/social.coves.interaction.createVote handler
- POST /xrpc/social.coves.interaction.deleteVote handler
- Vote route registration
- E2E tests for write-forward pattern (~800 lines)

Endpoints now return 404. Clients should use:
- com.atproto.repo.createRecord (collection: social.coves.interaction.vote)
- com.atproto.repo.deleteRecord (extract rkey from vote URI)

The AppView indexes votes from Jetstream for aggregation and querying.

Deleted files:
- internal/api/handlers/vote/create_vote.go
- internal/api/handlers/vote/delete_vote.go
- internal/api/routes/vote.go
- tests/integration/vote_e2e_test.go