chore: harden setup scaffold (review fixes)

[kaitoyama]

セットアップブランチのレビューで見つけた点の修正です。scaffold(3ab1221)をベースライン main とし、本PRはその上のレビュー修正(eebd537)を載せます。

変更点

• rpc route (apps/web/server/routes/rpc/[...].ts): 誤解を招く「lazy db」コメントを実態に修正。oRPC はリクエストごとに context.db を解決するため、health.check のような DB 非依存の手続きでも DATABASE_URL が必須。getter は生成を遅延するだけで、手続きごとに条件分岐するわけではない点を明記。
• README: pnpm dev の前に DATABASE_URL（.env）が必須であることを明記。未設定だとトップページの health.check が 500 になる挙動を補足。
• packages/api: 未使用の @orpc/client 依存を削除（lockfile 同期済み）。
• CI (.github/workflows/ci.yml): actions/checkout / pnpm/action-setup / actions/setup-node を commit SHA でピン留め（サプライチェーン対策、バージョンはコメントで追跡）。

検証

ローカルで全ゲート緑を確認済み:

• pnpm install --frozen-lockfile ✅
• pnpm lint ✅
• pnpm typecheck（3 パッケージ）✅
• pnpm build（Nitro サーバ生成）✅
• ランタイム: ビルド成果物を起動し health.check の挙動（DATABASE_URL 有無での 200/500）を実機確認

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1cdf9cd0-1c39-402b-8cdc-9fdc7ada77c2

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/openspec-spec-driven-dev-5ambed

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.