feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features:
- ✅ Multi-tenant architecture (tenant isolation)
- ✅ Employee CRUD with lifecycle management (onboarding/offboarding)
- ✅ Department tree structure with email domain management
- ✅ Company info management (single-record editing)
- ✅ System functions CRUD (permission management)
- ✅ Email account management (multi-account per employee)
- ✅ Keycloak SSO integration (auth.lab.taipei)
- ✅ Redis session storage (10.1.0.254:6379)
  - Solves Cookie 4KB limitation
  - Cross-system session sharing
  - Sliding expiration (8 hours)
  - Automatic token refresh

Technical Stack:
Backend:
- FastAPI + SQLAlchemy
- PostgreSQL 16 (10.1.0.20:5433)
- Keycloak Admin API integration
- Docker Mailserver integration (SSH)
- Alembic migrations

Frontend:
- Next.js 14 (App Router)
- NextAuth 4 with Keycloak Provider
- Redis session storage (ioredis)
- Tailwind CSS

Infrastructure:
- Redis 7 (10.1.0.254:6379) - Session + Cache
- Keycloak 26.1.0 (auth.lab.taipei)
- Docker Mailserver (10.1.0.254)

Architecture Highlights:
- Session管理由 Keycloak + Redis 統一控制
- 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session
- Token 自動刷新,異質服務整合
- 未來可無縫遷移到雲端

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

scripts/setup-database.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+# ====================================
+# HR Portal - 資料庫設定腳本
+# ====================================
+
+set -e
+
+echo "=== HR Portal 資料庫設定 ==="
+echo ""
+
+# 設定變數
+DB_HOST="10.1.0.254"
+DB_NAME="hr_portal"
+DB_USER="hr_user"
+DB_PASSWORD="hr_password_change_me"  # 請修改為強密碼
+
+echo "連接到 PostgreSQL..."
+echo ""
+
+# 1. 創建資料庫用戶 (如果不存在)
+echo "1. 創建資料庫用戶: $DB_USER"
+ssh ubuntu@$DB_HOST "docker exec -i postgres psql -U postgres" <<EOF
+DO \$\$
+BEGIN
+   IF NOT EXISTS (SELECT FROM pg_user WHERE usename = '$DB_USER') THEN
+      CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';
+      RAISE NOTICE 'User $DB_USER created';
+   ELSE
+      RAISE NOTICE 'User $DB_USER already exists';
+   END IF;
+END
+\$\$;
+EOF
+
+echo ""
+
+# 2. 創建資料庫 (如果不存在)
+echo "2. 創建資料庫: $DB_NAME"
+ssh ubuntu@$DB_HOST "docker exec -i postgres psql -U postgres" <<EOF
+SELECT 'CREATE DATABASE $DB_NAME OWNER $DB_USER'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '$DB_NAME')\gexec
+EOF
+
+echo ""
+
+# 3. 授予權限
+echo "3. 授予權限"
+ssh ubuntu@$DB_HOST "docker exec -i postgres psql -U postgres -d $DB_NAME" <<EOF
+GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO $DB_USER;
+GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO $DB_USER;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $DB_USER;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $DB_USER;
+EOF
+
+echo ""
+
+# 4. 執行 Schema 初始化
+echo "4. 執行 Schema 初始化"
+ssh ubuntu@$DB_HOST "docker exec -i postgres psql -U $DB_USER -d $DB_NAME" < init-db.sql
+
+echo ""
+echo "✅ 資料庫設定完成!"
+echo ""
+echo "資料庫連接資訊:"
+echo "  Host: $DB_HOST"
+echo "  Database: $DB_NAME"
+echo "  User: $DB_USER"
+echo "  Password: $DB_PASSWORD"
+echo ""
+echo "DATABASE_URL: postgresql://$DB_USER:$DB_PASSWORD@$DB_HOST:5432/$DB_NAME"
+echo ""
+echo "請將上述 DATABASE_URL 複製到 backend/.env 檔案中"