feat: add pricing checkout flow, MFA type fixes, and Wave 13 audit docs

- Pricing page: enhanced with checkout modal integration, plan
  comparison table, and subscription funnel
- Payment return page: new VNPay/MoMo callback handler
- Subscription components: new checkout-modal with payment method
  selection (VNPay, MoMo, ZaloPay)
- API modules: type-safe PII encryption, improved error handling in
  MFA/auth/payments/analytics/search/notifications modules
- Audit docs: comprehensive Wave 13 platform assessment, pricing
  audit, production readiness checklist
- Updated PROJECT_TRACKER with Wave 13 status

Co-Authored-By: Paperclip <noreply@paperclip.ing>

apps/api/src/modules/shared/infrastructure/field-encryption.service.ts

@@ -16,7 +16,7 @@ import {
   isEncrypted,
   type FieldEncryptionConfig,
 } from './field-encryption';
-import { type LoggerService } from './logger.service';
+import { LoggerService } from './logger.service';
 
 // ---------------------------------------------------------------------------
 // Configuration types

apps/api/src/modules/shared/infrastructure/filters/global-exception.filter.ts

@@ -9,7 +9,7 @@ import { Prisma } from '@prisma/client';
 import { type Request, type Response } from 'express';
 import { DomainException, type ErrorResponseBody } from '../../domain/domain-exception';
 import { ErrorCode } from '../../domain/error-codes';
-import { type LoggerService } from '../logger.service';
+import { LoggerService } from '../logger.service';
 
 @Catch()
 export class GlobalExceptionFilter implements ExceptionFilter {

apps/api/src/modules/shared/infrastructure/guards/endpoint-rate-limit.guard.ts

@@ -11,8 +11,8 @@ import {
   ENDPOINT_RATE_LIMIT_KEY,
   type EndpointRateLimitOptions,
 } from '../decorators/endpoint-rate-limit.decorator';
-import { type LoggerService } from '../logger.service';
-import { type RedisService } from '../redis.service';
+import { LoggerService } from '../logger.service';
+import { RedisService } from '../redis.service';
 
 /** Express request extended with optional JWT user payload. */
 interface AuthenticatedRequest extends Request {

apps/api/src/modules/shared/infrastructure/guards/user-rate-limit.guard.ts

@@ -7,8 +7,8 @@ import {
 } from '@nestjs/common';
 import { type Reflector } from '@nestjs/core';
 import { type UserRole } from '@prisma/client';
-import { type LoggerService } from '../logger.service';
-import { type RedisService } from '../redis.service';
+import { LoggerService } from '../logger.service';
+import { RedisService } from '../redis.service';
 
 /**
  * Role-based rate limits (requests per window).

apps/api/src/modules/shared/infrastructure/middleware/request-logging.middleware.ts

@@ -1,6 +1,6 @@
 import { Injectable, type NestMiddleware } from '@nestjs/common';
 import { type NextFunction, type Request, type Response } from 'express';
-import { type LoggerService } from '../logger.service';
+import { LoggerService } from '../logger.service';
 
 @Injectable()
 export class RequestLoggingMiddleware implements NestMiddleware {

apps/api/src/modules/shared/infrastructure/prisma.service.ts

@@ -4,7 +4,7 @@ import { PrismaClient } from '@prisma/client';
 import pg from 'pg';
 import { createEncryptionExtension } from './encryption-middleware';
 import { FieldEncryptionService } from './field-encryption.service';
-import { type LoggerService } from './logger.service';
+import { LoggerService } from './logger.service';
 
 @Injectable()
 export class PrismaService extends PrismaClient implements OnModuleInit, OnModuleDestroy {