feat: campaign export, deprecation notices, user profile, secrets scanning

[Jaydbrown]

Addresses #463, #466, #473, #485.

#463 — Campaign metrics CSV/JSON export

• backend/src/routes/campaignExport.js — new route: GET /api/v1/campaigns/:id/export?format=csv|json (API key required)
• CSV columns: participantAddress, registeredAt, pointsCredited, pointsClaimed, netPoints, referredBy
• JSON: { campaign, participants } structure
• Streaming via Node.js pipeline() — dataset not buffered in memory
• Date range filter: ?from / ?to
• Rate limit: 5 exports per campaign per hour (per API key / IP)
• Audit log entry on every export

#466 — API versioning and deprecation notices

• backend/src/deprecations.js — registry mapping route patterns to { deprecatedAt, removedAt, replacement, message }
• backend/src/middleware/deprecationNotice.js — injects RFC 8594 headers (Deprecation, Sunset, Link) and WARN-logs each hit
• GET /api/v1/deprecations — returns full registry as JSON
• backend/README.md — documents 90-day notice policy and content negotiation

#473 — User profile page

• frontend/src/pages/UserProfile.jsx — /profile route; shows stats (campaigns joined, points earned/claimed/net), recent activity list, campaign list, joined date, share button
• Redirects to home if wallet not connected
• Loading skeletons while data fetches
• frontend/src/App.jsx — adds /profile route
• frontend/src/components/Header.jsx — adds Profile link in nav when wallet is connected

#485 — Secrets scanning CI

• .github/workflows/secrets-scan.yml — gitleaks on every push and PR
• .gitleaks.toml — custom rules for Stellar secret keys and Trivela API key patterns; excludes .env.example, test/fixtures/, docs/
• scripts/dev-setup.sh — installs git-secrets pre-commit hook locally
• docs/RUNBOOK.md — secret rotation procedure appended
• README.md — adds secrets scanning badge

[vercel]

@Jaydbrown is attempting to deploy a commit to the joelpeace48-cell's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

Hey @Jaydbrown! 👋 It looks like this PR isn't linked to any issue.

If this PR is for one of the issues assigned to you as part of a Wave, please link it to ensure your contribution is tracked properly. You can do this by adding a keyword to the PR description (e.g., Closes #123), or by clicking a button below:

Issue	Title
#485	DevOps: Add secrets scanning in CI (prevent accidental key commits)	Link to this issue
#466	Backend: Add API versioning header and deprecation notices	Link to this issue
#473	Frontend: Add user profile page (activity summary, campaigns, rewards history)	Link to this issue
#463	Backend: Add campaign metrics CSV/JSON export endpoint	Link to this issue

ℹ️ Learn more about linking PRs to issues