feat(VAN-20): improve researcher experience #26

Merged
fr4nc1stein merged 1 commit into main from fr4nc1stein/van-20-improve-researcher-experience-drafts-duplicate-detection
May 30, 2026
Conversation

@fr4nc1stein

Owner

Summary

  • Refactored the submit form into a 3-step wizard (Target & Classification → Vulnerability Details → Review & Submit)
  • Added report draft auto-save with AES-GCM encryption, load-on-mount, and clear-on-submit
  • Added duplicate detection via word-overlap scoring on the researcher's own submissions (shows warning banner in Step 2)
  • Added 7 vulnerability report templates (IDOR, Injection, Broken Access Control, SSRF, Auth Failure, Info Disclosure, Path Traversal)
  • Added Hall of Fame opt-out toggle on the researcher profile page (visible to profile owner only)
  • New APIs: GET|POST|DELETE /api/drafts, GET /api/reports/similar, GET|PATCH /api/researcher/preferences
  • Migration 0014: report_drafts table + hof_opt_out column on researcher_stats

Test plan

  • Submit form shows 3-step progress indicator and validates each step before advancing
  • Draft is auto-saved after 1.5s of inactivity and reloaded on page refresh
  • Duplicate warning appears when title shares 40%+ word overlap with an existing submission
  • Template picker appears in Step 2 for supported vuln types and pre-fills fields
  • Step 3 review summary shows correct values from Steps 1 and 2
  • Server validation errors on submit navigate back to the correct step
  • Draft is deleted after successful submission
  • HoF toggle appears on /researcher/[id] when viewing own profile
  • PATCH /api/researcher/preferences updates hof_opt_out in DB
  • Migration 0014 applies cleanly

🤖 Generated with Claude Code

@fr4nc1stein fr4nc1stein merged commit 0e4622f into main May 30, 2026
2 of 3 checks passed
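
The duplicate check described in the summary (word-overlap scoring limited to the researcher's own submissions, with the 40% threshold from the test plan), as an added example that is not the project's code. The scoring formula, the field names `researcherId`/`id`/`title`, and the sample reports are assumptions; scoping the candidates to the caller's own reports keeps the warning banner from revealing other researchers' report titles.

```javascript
// Added example, not the project's code. The scoring formula, field names
// and sample data are assumptions made for illustration.
const THRESHOLD = 0.4; // the 40% figure from the PR's test plan

// Lowercase, split on non-alphanumerics, drop 1-character tokens, de-duplicate.
function tokenize(title) {
  return new Set(
    String(title).toLowerCase().split(/[^a-z0-9]+/).filter((w) => w.length > 1)
  );
}

// Fraction of the draft title's distinct words that also occur in the
// existing title (assumed definition of "word overlap").
function overlapScore(draftTitle, existingTitle) {
  const draft = tokenize(draftTitle);
  const existing = tokenize(existingTitle);
  if (draft.size === 0) return 0; // empty or punctuation-only title never matches
  let shared = 0;
  for (const word of draft) if (existing.has(word)) shared++;
  return shared / draft.size;
}

// Only reports owned by researcherId are scored, so the result can never
// act as an oracle for what other researchers have submitted.
function findSimilar(researcherId, draftTitle, reports, threshold = THRESHOLD) {
  return reports
    .filter((r) => r.researcherId === researcherId)
    .map((r) => ({ id: r.id, title: r.title, score: overlapScore(draftTitle, r.title) }))
    .filter((m) => m.score >= threshold)
    .sort((x, y) => y.score - x.score);
}

// Constructed sample data (not from the project).
const SAMPLE_REPORTS = [
  { id: 1, researcherId: "r-alice", title: "IDOR in invoice download endpoint" },
  { id: 2, researcherId: "r-alice", title: "Stored XSS in profile bio" },
  { id: 3, researcherId: "r-bob", title: "IDOR in invoice download endpoint exposes PDFs" },
];
```

In a real endpoint the ownership filter belongs in the database query, keyed on the authenticated session rather than on a client-supplied researcher id.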