feat(api,web): c2 consulta de clientes — list + search + auth flow

prisma: modelo Client + migração 20260527225728_add_client + seed dev (10 clientes)
api: GET /clients (list, busca, filtro atividade/financeiro, paginação) + GET /clients/:id
     rep vê carteira própria; supervisor/admin vê tudo; activityStatus calculado de lastOrderAt
@sar/api-interface: ClientSummarySchema, ClientDetailSchema, ClientListResponseSchema
web: ClientsPage (tabela AntD, busca, filtro), DevLogin (token dev), authStore, Bearer no apiFetch
oq-4 resolvida: creditLimit gerenciado no SAR

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

apps/web/src/main.tsx

@@ -1,4 +1,4 @@
-import { StrictMode } from 'react';
+import { StrictMode, useState } from 'react';
 import { createRoot } from 'react-dom/client';
 import { ConfigProvider, App as AntdApp } from 'antd';
 import ptBR from 'antd/locale/pt_BR';
@@ -12,9 +12,24 @@ import './styles/global.css';
 import { sarTheme } from './lib/theme';
 import { queryClient } from './lib/query-client';
 import { router } from './lib/router';
+import { authStore } from './lib/auth-store';
+import { DevLogin } from './components/dev/DevLogin';
 
 dayjs.locale('pt-br');
 
+const isDev = import.meta.env.DEV;
+
+function Root() {
+  const [hasToken, setHasToken] = useState(() => !!authStore.get());
+
+  // Em dev, exibe DevLogin se não houver token. Em prod, fluxo de auth real virá aqui.
+  if (isDev && !hasToken) {
+    return <DevLogin onLogin={() => setHasToken(true)} />;
+  }
+
+  return <RouterProvider router={router} />;
+}
+
 const rootEl = document.getElementById('root');
 if (!rootEl) {
   throw new Error('Root element not found');
@@ -25,7 +40,7 @@ createRoot(rootEl).render(
     <ConfigProvider theme={sarTheme} locale={ptBR} componentSize="middle">
       <AntdApp>
         <QueryClientProvider client={queryClient}>
-          <RouterProvider router={router} />
+          <Root />
         </QueryClientProvider>
       </AntdApp>
     </ConfigProvider>