fix(api): /auth/me accepts apikey + expose task id in TaskResponse

Two contract gaps that broke the agent `hf` CLI's comment/worklog flow
(apikey/padded-cell auth):

- GET /auth/me used Depends(get_current_user) (JWT-only) → 401 for apikey
  callers. The CLI resolves the current user via /auth/me to fill
  comment/worklog author_id, so every `hf comment add` / `hf worklog add`
  failed with "Could not validate credentials". Switch to
  get_current_user_or_apikey (already imported), matching the rest of the
  apikey-accepting routes.
- TaskResponse omitted the numeric `id`. CommentCreate/WorkLogCreate require
  a numeric task_id, which the CLI resolves from `GET /tasks/<code>`.id —
  but the field was never serialized, so resolveTaskID got 0 → POST
  /comments|/worklogs → 404 "Task not found". Expose `id: int`.

Verified on sim: hf comment add + hf worklog add now succeed end-to-end.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

app/api/routers/auth.py

@@ -37,7 +37,7 @@ async def login(form_data: OAuth2PasswordRequestForm = Depends(), db: Session =
 
 
 @router.get("/me", response_model=schemas.UserResponse)
-async def get_me(current_user: models.User = Depends(get_current_user)):
+async def get_me(current_user: models.User = Depends(get_current_user_or_apikey)):
     return current_user