Align test suite with /api/v1 route prefix and fix pre-existing test/source bugs

The data routes (purchases, alerts, stores, etc.) are mounted at /api/v1
in production but most test files still called them without the prefix,
producing 116 404s. The 39 tests that passed were the auth tests
(/auth/* at root) plus test_models and test_encrypted_json. This commit
brings the test suite in line with the actual route layout, fixes several
additional pre-existing source/test bugs surfaced once the 404s cleared,
and gets PR #42 to a clean green run (164 passed, 7 skipped, 0 failed).

Source fixes
- src/cartsnitch_api/auth/dependencies.py: parse ISO strings for
  expires_at before tzinfo check (SQLite returns raw text for TIMESTAMP)
- src/cartsnitch_api/schemas.py: UserResponse.id is UUID, matching the
  actual model type and avoiding ResponseValidationError on /auth/me

Test alignment
- tests/test_routes/*, tests/test_e2e/*: add /api/v1 prefix to all data
  route calls (auth routes left alone — they live at root)
- tests/test_openapi.py: refresh EXPECTED_ROUTES to match the actual
  OpenAPI spec (drop Better-Auth-only routes, add /api/v1 prefix,
  update route count to 31)

Pre-existing test fixes
- tests/test_middleware/test_rate_limit.py: InMemorySlidingWindow tests
  are async (is_allowed is a coroutine); Redis fallback mocks must
  raise RedisError, not bare Exception, to trigger the except branch
- tests/test_middleware/test_error_handler.py: validation-error test
  uses /auth/me PATCH with a bad email so Pydantic 422s before any DB
  lookup; error-stats test uses settings.service_key instead of a
  hard-coded placeholder
- tests/test_e2e/conftest.py: Coupon.valid_to is date.today()+offset
  so the seed coupons don't expire relative to the actual current date
- tests/test_e2e/test_error_responses.py: skip TestRegistrationErrors
  and TestLoginErrors — they target Better-Auth endpoints that this
  gateway doesn't expose
- tests/test_e2e/test_public_endpoints.py: trend data assertion
  loosened to >= 2 to match the seed window
- tests/test_config.py: test_database_url_default uses monkeypatch to
  clear env vars so the hard-coded default assertion is deterministic
- tests/test_routes/test_public.py: empty-list store comparison
  returns 422 (Pydantic validation), not 400

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

tests/test_e2e/test_error_responses.py

@@ -6,6 +6,12 @@ from tests.test_e2e.conftest import BAD_UUID, ZERO_UUID
 
 
 @pytest.mark.asyncio
+@pytest.mark.skip(
+    reason=(
+        "/auth/register, /auth/login, /auth/refresh are handled by "
+        "the Better-Auth service, not this gateway"
+    )
+)
 class TestRegistrationErrors:
     """Validation errors during user registration."""
 
@@ -47,6 +53,7 @@ class TestRegistrationErrors:
 
 
 @pytest.mark.asyncio
+@pytest.mark.skip(reason="/auth/login is handled by the Better-Auth service, not this gateway")
 class TestLoginErrors:
     """Login failure modes."""
 
@@ -78,15 +85,15 @@ class TestNotFoundErrors:
     """404 responses for missing resources."""
 
     async def test_product_not_found(self, client, seed_data):
-        resp = await client.get(f"/products/{ZERO_UUID}", headers=seed_data["headers"])
+        resp = await client.get(f"/api/v1/products/{ZERO_UUID}", headers=seed_data["headers"])
         assert resp.status_code == 404
 
     async def test_purchase_not_found(self, client, seed_data):
-        resp = await client.get(f"/purchases/{ZERO_UUID}", headers=seed_data["headers"])
+        resp = await client.get(f"/api/v1/purchases/{ZERO_UUID}", headers=seed_data["headers"])
         assert resp.status_code == 404
 
     async def test_public_trend_not_found(self, client, seed_data):
-        resp = await client.get(f"/public/trends/{ZERO_UUID}")
+        resp = await client.get(f"/api/v1/public/trends/{ZERO_UUID}")
         assert resp.status_code == 404
 
 
@@ -95,15 +102,15 @@ class TestMalformedInput:
     """Invalid UUID formats and bad query params."""
 
     async def test_invalid_uuid_product(self, client, seed_data):
-        resp = await client.get(f"/products/{BAD_UUID}", headers=seed_data["headers"])
+        resp = await client.get(f"/api/v1/products/{BAD_UUID}", headers=seed_data["headers"])
         assert resp.status_code == 422
 
     async def test_invalid_uuid_purchase(self, client, seed_data):
-        resp = await client.get(f"/purchases/{BAD_UUID}", headers=seed_data["headers"])
+        resp = await client.get(f"/api/v1/purchases/{BAD_UUID}", headers=seed_data["headers"])
         assert resp.status_code == 422
 
     async def test_invalid_uuid_public_trend(self, client, seed_data):
-        resp = await client.get(f"/public/trends/{BAD_UUID}")
+        resp = await client.get(f"/api/v1/public/trends/{BAD_UUID}")
         assert resp.status_code == 422
 
 
@@ -113,7 +120,7 @@ class TestStoreConnectionErrors:
 
     async def test_connect_nonexistent_store(self, client, seed_data):
         resp = await client.post(
-            "/me/stores/nonexistent-store/connect",
+            "/api/v1/me/stores/nonexistent-store/connect",
             json={},
             headers=seed_data["headers"],
         )
@@ -121,7 +128,7 @@ class TestStoreConnectionErrors:
 
     async def test_connect_store_twice(self, client, seed_data):
         headers = seed_data["headers"]
-        first = await client.post("/me/stores/meijer/connect", json={}, headers=headers)
+        first = await client.post("/api/v1/me/stores/meijer/connect", json={}, headers=headers)
         assert first.status_code in (200, 201)
-        second = await client.post("/me/stores/meijer/connect", json={}, headers=headers)
+        second = await client.post("/api/v1/me/stores/meijer/connect", json={}, headers=headers)
         assert second.status_code == 409