Add multi-tenant SaaS template

[PAMulligan]

Description

Create a multi-tenant SaaS template that extends the standard project setup with tenant isolation patterns — one of the most common enterprise API requirements.

Why

Multi-tenancy is the #1 architectural pattern for SaaS APIs. It requires careful design across database, middleware, and routing layers. A template that handles this correctly saves teams weeks of architecture work and prevents common security mistakes (tenant data leakage).

Acceptance Criteria

• Create a multi-tenancy middleware template supporting:
  • Schema-based isolation: Each tenant gets a PostgreSQL schema
  • Row-based isolation: Shared tables with `tenant_id` column
  • Both strategies selectable via configuration
• Generate Drizzle schema additions:
  • `tenants` table (id, name, slug, plan, created_at)
  • `tenant_id` foreign key on all resource tables (row-based)
  • Or schema creation/migration per tenant (schema-based)
• Create tenant resolution middleware:
  • Extract tenant from subdomain (`acme.api.example.com`)
  • Extract from header (`X-Tenant-ID`)
  • Extract from JWT claim (`tenant_id`)
• Add RLS (Row Level Security) policies for PostgreSQL
• Add tenant-scoped queries (all Drizzle queries automatically filtered)
• Include integration tests verifying tenant isolation
• Document trade-offs between isolation strategies
• CI passes