feat(auth): add row/size caps + streaming to export-user-data

- Add per-collection row cap (default 10k, env EXPORT_ROW_CAP) via Prisma
  take on all findMany calls
- Add total size cap (default 100MB, env EXPORT_SIZE_CAP_MB); throws
  PayloadTooLargeException (413) when exceeded
- Convert response to Node.js Readable stream piped via NestJS StreamableFile
  to avoid large in-memory buffers
- Export ExportUserDataResult interface (stream + truncated flag) from handler
- Update controller to set Content-Type/Content-Disposition headers and
  return StreamableFile
- Document EXPORT_ROW_CAP and EXPORT_SIZE_CAP_MB env vars in Swagger
- Extend tests: row-cap assertion (take arg), size-cap 413 path, stream assertions

Fixes GOO-223 (M-1 from GOO-200 audit).

Co-Authored-By: Paperclip <noreply@paperclip.ing>

libs/contracts/events/schemas/kyc.verified.schema.json

@@ -0,0 +1,20 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://goodgo.vn/schemas/events/kyc.verified.schema.json",
+  "title": "kyc.verified",
+  "description": "Emitted when a user's KYC review transitions to VERIFIED.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["userId", "verifiedByUserId", "level", "verifiedAt", "documentRefs"],
+  "properties": {
+    "userId": { "type": "string", "minLength": 1 },
+    "verifiedByUserId": { "type": "string", "minLength": 1 },
+    "level": { "type": "string", "enum": ["basic", "enhanced"] },
+    "verifiedAt": { "type": "string", "format": "date-time" },
+    "documentRefs": {
+      "type": "array",
+      "items": { "type": "string", "minLength": 1 },
+      "description": "Opaque references (e.g. S3 keys) to the documents used for verification."
+    }
+  }
+}