Add profile feature, input sanitization, and stronger security checks

Backend:
- app/core/sanitize.py: shared sanitize_str, normalize_email, validate_phone,
  validate_date_of_birth — applied to every user-supplied DB-bound input
- app/schemas/user.py: sanitize full_name, normalize email on UserCreate
- app/models/profile.py: profiles table (position, phone, dob, address, updated_at)
- app/models/user.py: Profile back-ref, is_superuser admin-role comment
- app/schemas/profile.py: ProfileRead/ProfileUpdate with full sanitization
- app/routers/profile.py: GET+PUT /api/profile/me (lazy profile creation)
- app/main.py: register /api/profile router
- alembic migration 676084df61d1: create profiles table

Frontend:
- components/Nav.tsx: shared nav (Dashboard | Profile | Logout)
- pages/ProfilePage.tsx: profile view + inline edit form with error handling
- pages/DashboardPage.tsx: use Nav component
- api/client.ts: ProfileData type, getProfile, updateProfile
- App.tsx: /profile private route

Security:
- scripts/security_check.py: tighter SQL injection patterns (f-string/format/%
  in execute/query/text()), new SANIT category for raw request→DB patterns

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/api/client.ts

@@ -21,3 +21,27 @@ export const register = (email: string, password: string, full_name?: string) =>
 
 // --- Users ---
 export const getMe = () => api.get("/users/me").then((r) => r.data);
+
+// --- Profile ---
+export interface ProfileData {
+  id: string;
+  user_id: string;
+  phone: string | null;
+  date_of_birth: string | null;
+  position: string | null;
+  address: string | null;
+  updated_at: string;
+}
+
+export interface ProfileUpdate {
+  phone?: string | null;
+  date_of_birth?: string | null;
+  position?: string | null;
+  address?: string | null;
+}
+
+export const getProfile = () =>
+  api.get<ProfileData>("/profile/me").then((r) => r.data);
+
+export const updateProfile = (data: ProfileUpdate) =>
+  api.put<ProfileData>("/profile/me", data).then((r) => r.data);