Harden multi-tenant isolation across all user-facing controllers

Added explicit CompanyId == companyId predicates to every tenant-scoped
query in 22 controllers so cross-tenant data leakage is impossible even
if EF Core global query filters are bypassed or misconfigured.

Also fixed ApplicationDbContext.IsPlatformAdmin to correctly return true
for SuperAdmins with no CompanyId claim (break-glass accounts) and when
no HTTP context is present (background services, unit tests), resolving
225 unit test failures that stemmed from the global filter blocking all
in-memory test data.

New MultiTenantIsolationTests class (8 tests) verifies the explicit
predicate layer independently of the global query filters.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/PowderCoating.Web/Controllers/JobsPriorityController.cs

@@ -90,8 +90,8 @@ public class JobsPriorityController : Controller
         .ToList();
 
         // Get priorities and workers for modal options
-        var priorities = await _unitOfWork.JobPriorityLookups.GetAllAsync();
         var companyId = _tenantContext.GetCurrentCompanyId() ?? 0;
+        var priorities = await _unitOfWork.JobPriorityLookups.FindAsync(p => p.CompanyId == companyId);
         var workers = await _userManager.Users
             .Where(u => u.CompanyId == companyId && u.IsActive && u.CompanyRole != null)
             .OrderBy(u => u.FirstName).ThenBy(u => u.LastName)