feat: implement 15 production items (SSE, security, observability, features, infra)

Performance:
- SSE dashboard streaming endpoint (GET /v1/admin/status/stream)
- Web Worker for markdown rendering (offload from main thread)
- IndexedDB chat persistence (replace localStorage, 500msg support)

Security:
- CSRF protection middleware (Origin/Referer validation)
- Content Security Policy + security headers middleware
- API key rotation endpoint (POST /v1/admin/keys/rotate)

Observability:
- OpenTelemetry tracing with graceful NoOp fallback
- Structured error codes (FAGI-xxxx taxonomy with ErrorResponse schema)
- Audit log export (CSV + JSON at /v1/admin/audit/export/*)

Features:
- Multi-session management hook (parallel conversations)
- Conversation export (markdown/JSON/text download + clipboard)
- Head customization UI (enable/disable + weight sliders for 12 heads)

Infrastructure:
- Kubernetes Helm chart (Deployment, Service, HPA, Ingress)
- Database migration versioning (generate, verify commands)
- Blue-green deployment manifests (color-based traffic switching)

Tests: 598 Python + 56 frontend = 654 total, 0 ruff errors
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>

tests/test_key_rotation.py

@@ -0,0 +1,22 @@
+"""Tests for API key rotation endpoint."""
+
+from fusionagi.api.routes.key_rotation import _generate_key
+
+
+def test_generate_key_format():
+    """Generated keys should have the expected prefix and length."""
+    key = _generate_key()
+    assert key.startswith("fagi_")
+    assert len(key) > 20
+
+
+def test_generate_key_uniqueness():
+    """Each generated key should be unique."""
+    keys = {_generate_key() for _ in range(100)}
+    assert len(keys) == 100
+
+
+def test_generate_key_custom_prefix():
+    """Custom prefix should be used."""
+    key = _generate_key(prefix="test")
+    assert key.startswith("test_")