fix: enforce profileVisibility and PII privacy in user profile APIs

[samlogy1]

closes #353

• Gate GET /api/users/[id] by profileVisibility and requester relationship (self / follower / public)
• Strip email and walletAddress unless requester is the user themselves or the corresponding showEmail/showWalletAddress flag is true
• Add privacy gating to all profile sub-resource endpoints (posts, entries, stats, activity, followers, following)
• Strip walletAddress from follower/following user lists unless permitted
• Update existing test to expect anonymized PII for anonymous requests
• Add tests for third-party privacy enforcement

Pull Request Template

Description

Please include a summary of the change and which issue is fixed. Also include relevant motivation and context.

---

Checklist

• I have tested my changes locally
• I have updated documentation as needed
• I have run npx prisma generate after schema changes
• I have run npx prisma migrate dev or npx prisma migrate deploy as appropriate

---

Post-Merge Steps for Maintainers

If this PR includes changes to the Prisma schema:

1. Run the following command to apply the migration to your database:

   npx prisma migrate deploy

   or, for local development:

   npx prisma migrate dev

2. Ensure your CI pipeline runs the migration before tests (add this step if missing):

   - name: Run Prisma Migrate
     run: npx prisma migrate deploy

3. Make sure the database user in CI has permission to run migrations.

---

If you have any questions, please comment on this PR.

[drips-wave]

@samlogy1 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits