Feature/group treasury files push

[jahrulezfrancis]

Description

This PR introduces the foundational backend infrastructure for three major features: Group Treasury Management (Soroban), Secure Media/File Sharing, and Push Notifications.

Background & Context

• Group Treasuries: To enable multi-signature group treasuries, the backend needs to mirror on-chain Soroban proposals to serve fast, indexable reads to the client. This PR synchronizes the schema and the stellarListener to track proposal thresholds, approval/rejection counts, and expiration ledgers directly tied to onChainId. We've also upgraded the GroupTreasuryContract itself to support iterating and filtering pending proposals natively.
• Secure Files: Shared media in private conversations must not be globally accessible. By routing file requests through GET /files/:fileId, we can enforce conversational membership checks before issuing short-lived (5-minute) S3 presigned URLs, keeping private data strictly within the intended group.
• Push Notifications: To support reliable cross-platform messaging, we've implemented a device-scoped push subscription registry. This allows the backend to dispatch web-push payloads explicitly bound to the authenticated user's active device ID.

Technical Changes:

1. Schema Updates: Added the pushSubscriptions table and completely updated treasuryProposals to accurately track on-chain state, proposals, thresholds, and expiration ledgers based on the requested columns.
2. Treasury Contract Query Functions: Added list_proposals and get_pending_proposals to the Rust GroupTreasuryContract to safely iterate and fetch stored proposals directly from the contract instance storage.
3. Secure File Download: Added a new endpoint GET /files/:fileId that issues a presigned S3 URL valid for 5 minutes. It strictly enforces access control by querying the database to validate that the requesting user is an active member of the conversation where the file was originally shared.
4. Push Subscriptions Endpoints: Added POST /push/subscriptions and DELETE /push/subscriptions to register and unregister device-bound push subscriptions idempotently.
5. Stellar Listener Fixes: Updated the background stellarListener.ts to correctly map on-chain treasury events to the newly structured treasuryProposals table via onChainId.

Issue numbers

Closes #128
Closes #125
Closes #229
Closes #235

Testing

• Schema changes generated and migrated successfully via Drizzle.
• Validated GroupTreasuryContract read-only functions.
• Verified TypeScript strictness across the stellarListener syncing logic.
• CI/CD tests (tsc, vitest, eslint, prettier) passed cleanly against the backend implementation.

Type of change

• Bug fix
• New feature
• Documentation update
• Other

Checklist

• I have read the contributing guidelines
• I have tested my changes locally
• My code follows the project's coding standards

[drips-wave]

@jahrulezfrancis Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[codebestia]

LGTM!
Thank you for your contribution.