feat: Post entity + feed endpoints for dashboard Posts page

[nadavosa]

Context

Linked to need4deed-org/fe#645 — the Posts feed page on the dashboard.

New entity: Post

Field	Type	Notes
id	number	PK
text	string	post body, supports @mention tokens `<@userid>` same format as comments
authorId	number	FK → person
agentId	number	FK → agent — scope for visibility
taggedPersonIds	number[]	persons mentioned in the post
linkedOpportunityIds	number[]	opportunities attached to the post
createdAt	timestamp
updatedAt	timestamp

Endpoints

GET /posts

Returns paginated feed filtered by caller's role:

Role	Visible posts
ADMIN / COORDINATOR	All posts
NGO	Posts scoped to their agent
VOLUNTEER	Posts where they are tagged, or from coordinators of their active agent

Query params: `page`, `limit`

Response:
```json
{
"data": [
{
"id": 1,
"text": "Welcome <@42> to the team!",
"author": { "id": 7, "fullName": "Sara M.", "avatarUrl": "..." },
"taggedPersons": [{ "id": 42, "fullName": "Ali K." }],
"linkedOpportunities": [{ "id": 5, "title": "German tutoring" }],
"createdAt": "2026-06-13T10:00:00Z"
}
],
"count": 42
}
```

POST /posts

Auth: COORDINATOR, NGO, ADMIN, VOLUNTEER (any authenticated user)

Body:
```json
{
"text": "Hello <@42>!",
"taggedPersonIds": [42],
"linkedOpportunityIds": [5]
}
```

Derive `agentId` from the authenticated user's context (same as comments/appreciation).

DELETE /posts/:id

Auth: post author, COORDINATOR, ADMIN only.

Visibility enforcement

• Filter GET /posts server-side based on caller role — do not expose posts the caller cannot see
• Linked opportunity chips: only include opportunities in the response that the caller has access to (mask or omit others)

SDK types

Add to need4deed-sdk:

• `ApiPostGet`
• `ApiPostPost`

Tasks

• `Post` entity (TypeORM) with relations to person, agent, opportunity
• Repository
• GET /posts with role-based filtering
• POST /posts
• DELETE /posts/:id
• SDK types