feat: ST-601-ST-612 M6 polish, beveiliging en launch-ready

- ST-601/602: loading skeletons en error boundary
- ST-603: Sonner toasts op alle CRUD-operaties
- ST-604: DemoTooltip op uitgeschakelde knoppen
- ST-605: KeyboardSensor dnd-kit, Escape sluit modals
- ST-606: min-width banner < 1024px
- ST-607: WCAG AA aria-labels en skip link
- ST-608: rate limiting login (10/min) en registratie (5/uur)
- ST-609: security integratietests cross-user toegang (7 tests)
- ST-610: GitHub Actions CI/CD workflow
- ST-611: README met quickstart, deployment en API-docs
- ST-612: Lars-flow acceptatiechecklist
- fix: settings toont gebruikersnaam i.p.v. interne id
- fix: seed idempotent, testdata altijd gekoppeld aan demo-gebruiker

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

components/sprint/sprint-header.tsx

@@ -10,6 +10,8 @@ import {
   DialogHeader,
   DialogTitle,
 } from '@/components/ui/dialog'
+import { toast } from 'sonner'
+import { DemoTooltip } from '@/components/shared/demo-tooltip'
 import { updateSprintGoalAction, completeSprintAction } from '@/actions/sprints'
 import type { SprintStory } from './sprint-backlog'
 
@@ -41,7 +43,8 @@ export function SprintHeader({ productId, productName, sprint, isDemo, sprintSto
   const [, goalFormAction] = useActionState(
     async (_prev: unknown, fd: FormData) => {
       const result = await updateSprintGoalAction(_prev, fd)
-      if (result?.success) setEditingGoal(false)
+      if (result?.success) { setEditingGoal(false); toast.success('Sprint goal opgeslagen') }
+      else if (result?.error) toast.error(typeof result.error === 'string' ? result.error : 'Opslaan mislukt')
       return result
     },
     undefined
@@ -59,8 +62,9 @@ export function SprintHeader({ productId, productName, sprint, isDemo, sprintSto
     })
 
     startCompleting(async () => {
-      await completeSprintAction(sprint.id, finalDecisions)
-      setCompleteOpen(false)
+      const result = await completeSprintAction(sprint.id, finalDecisions)
+      if ('error' in result) toast.error(result.error ?? 'Sprint afronden mislukt')
+      else { toast.success('Sprint afgerond'); setCompleteOpen(false) }
     })
   }
 
@@ -92,11 +96,11 @@ export function SprintHeader({ productId, productName, sprint, isDemo, sprintSto
           )}
         </div>
 
-        {!isDemo && (
-          <Button size="sm" variant="outline" className="shrink-0 border-warning/40 text-warning hover:bg-warning/10" onClick={() => setCompleteOpen(true)}>
+        <DemoTooltip show={isDemo}>
+          <Button size="sm" variant="outline" disabled={isDemo} className="shrink-0 border-warning/40 text-warning hover:bg-warning/10" onClick={() => setCompleteOpen(true)}>
             Sprint afronden
           </Button>
-        )}
+        </DemoTooltip>
       </div>
 
       {/* Complete sprint dialog */}