
Harden fork CI fidelity: web build fail-fast + test secret isolation #7

Merged: poterpan merged 2 commits into main from fix/fork-ci-fidelity on Jun 8, 2026

@poterpan poterpan commented Jun 8, 2026

Owner

Two independent fixes (one commit each) from the Codex review of fork/clean-checkout fidelity. Same theme as #6: make CI/tests reflect what a fork actually experiences.

#4 — scrub external secrets from the test baseline (ca92f66)

A local .dev.vars (gitignored) injects a real DISCORD_BOT_TOKEN; CI has none. Code gated on the token — notably /admin/billing/initiate → sendBillingOpened (billing.ts:187) once discord_billing_channel_id is set earlier in the suite — therefore made a real Discord POST on a dev machine while CI silently took the no-send branch. Tests behaved differently per machine and leaked an outbound call locally.

  • test/apply-migrations.ts: delete env.DISCORD_BOT_TOKEN in setup → identical baseline everywhere. Tests that exercise sending already set their own dummy token + stub fetch.
  • test/smoke.test.ts: assertion that the token doesn't leak — reproduces the divergence (red locally before the scrub, green after).

#3 — fail the web build when VITE_API_BASE is unset (baada7e)

VITE_API_BASE is statically inlined at build time and aims the upload page at the fork's own worker. When unset, vite build still succeeded and emitted a bundle whose top-level throw (web/src/api.ts:2) only fires at load → white screen, invisible to CI's pnpm -r build.

  • web/vite.config.ts: fail the build (not just runtime) when VITE_API_BASE is missing; dev stays exempt.
  • .github/workflows/ci.yml: give the build step a throwaway VITE_API_BASE (CI only checks it compiles) + a regression guard step asserting the web build refuses to build without it.

Verification

  • pnpm -r typecheck ✅ · pnpm -r test ✅ 180 passing · pnpm -r build (with dummy) ✅
  • Web build without VITE_API_BASE → fails (exit 1, helpful message); with → succeeds.
  • #4 reproduced locally: the leak assertion is red before the scrub, green after.

Neither touches runtime Worker/SPA code → no production deploy needed.
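
The divergence described under #4 above, reduced to a stand-alone sketch. This is an added example, not code from this PR or repository: `scrubExternalSecrets`, `leakedSecrets`, `notifyBillingOpened`, `recordingFetch`, `runSuite`, the `.invalid` URL and treating `discord_billing_channel_id` as an env key are all assumptions made for illustration.

```typescript
// Added example: every name here is a hypothetical stand-in, not the project's code.
type Env = Record<string, string | undefined>;
type FetchLike = (url: string, init: { method: string; headers: Record<string, string> }) => unknown;

// Secrets a gitignored local .dev.vars may inject but CI never has.
const EXTERNAL_SECRETS = ["DISCORD_BOT_TOKEN"];

// Test-setup step: copy the env without external secrets so every machine
// (dev laptop, CI, fresh fork) starts from the same baseline.
function scrubExternalSecrets(env: Env, names: string[] = EXTERNAL_SECRETS): Env {
  const clean: Env = { ...env };
  for (const name of names) delete clean[name];
  return clean;
}

// Smoke check: names of external secrets still visible to the tests.
function leakedSecrets(env: Env, names: string[] = EXTERNAL_SECRETS): string[] {
  return names.filter((n) => typeof env[n] === "string" && env[n] !== "");
}

// Stand-in for token-gated code: sends only when token and channel are both set.
function notifyBillingOpened(env: Env, fetchImpl: FetchLike): "sent" | "skipped" {
  if (!env.DISCORD_BOT_TOKEN || !env.discord_billing_channel_id) return "skipped";
  fetchImpl(`https://discord.invalid/channels/${env.discord_billing_channel_id}/messages`, {
    method: "POST",
    headers: { Authorization: `Bot ${env.DISCORD_BOT_TOKEN}` },
  });
  return "sent";
}

// Recording stub: captures outbound calls instead of performing them.
function recordingFetch(): { calls: string[]; fetch: FetchLike } {
  const calls: string[] = [];
  return { calls, fetch: (url) => { calls.push(url); return undefined; } };
}

// Run the gated path against an env and report which branch it took.
function runSuite(env: Env): { result: "sent" | "skipped"; outbound: number } {
  const stub = recordingFetch();
  const result = notifyBillingOpened(env, stub.fetch);
  return { result, outbound: stub.calls.length };
}

// Constructed sample environments (the token is a placeholder, not a credential).
const devEnv: Env = { DISCORD_BOT_TOKEN: "constructed-placeholder", discord_billing_channel_id: "123" };
const ciEnv: Env = { discord_billing_channel_id: "123" };
```

With the unscrubbed `devEnv` the gated path takes the send branch while `ciEnv` skips it; after `scrubExternalSecrets(devEnv)` both take the same branch and `leakedSecrets` returns an empty list.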

poterpan added 2 commits June 9, 2026 00:38
A local .dev.vars (gitignored) injects a REAL DISCORD_BOT_TOKEN; CI has none.
Code gated on the token (e.g. billing/initiate -> sendBillingOpened) therefore
hit Discord for real on a dev machine while CI took the silent no-send branch —
tests behaved differently per machine, and the suite made an unintended external
POST locally.

Delete DISCORD_BOT_TOKEN in the test setup so the baseline is identical
everywhere; tests that exercise outbound calls already set their own dummy token
+ stub fetch. Add a smoke assertion that the token does not leak (reproduces the
divergence locally: red before the scrub, green after).
…white-screen bundle)

VITE_API_BASE is statically inlined at build time and points the upload page at
the fork's own worker. When unset, `vite build` still succeeded and emitted a
bundle whose top-level throw fires at load (white screen) — invisible to CI's
`pnpm -r build`. Move the gate to build time in vite.config.ts (dev exempt).

CI: pass a throwaway VITE_API_BASE to the build step (it only checks the build
compiles) and add a regression guard asserting the web build refuses to build
without it.
@poterpan poterpan merged commit ebe9a5f into main Jun 8, 2026
2 checks passed
@poterpan poterpan deleted the fix/fork-ci-fidelity branch June 8, 2026 16:41