feat: coord API — no-auth, DB softfail 503, agent tracking protocol

- coord routers: removed JWT auth requirement (internal-only endpoints)
- error_handler: SQLAlchemy OperationalError/DisconnectionError → 503
  with Retry-After: 30 header instead of 500
- /health: live DB probe (SELECT 1) instead of static response
- CLAUDE.md: "Live State Tracking" section with full agent protocol
  for all projects — session start, lock claim/release, component
  state updates, softfail + local queue catch-up
- COORDINATION_PROTOCOL.md: softfail/catch-up section + server-side
  503 behavior documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

api/routers/coord_components.py

@@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends, Query, status
 from sqlalchemy.orm import Session
 
 from api.database import get_db
-from api.middleware.auth import get_current_user
 from api.schemas.coord_component_state import CoordComponentStateUpsert, CoordComponentStateResponse
 from api.services import coord_component_service
 
@@ -15,7 +14,6 @@ router = APIRouter()
 def list_component_states(
     project_key: str | None = Query(default=None),
     db: Session = Depends(get_db),
-    current_user: dict = Depends(get_current_user),
 ):
     """List all component states, optionally filtered by project."""
     states = coord_component_service.get_component_states(db, project_key=project_key)
@@ -31,7 +29,6 @@ def upsert_component_state(
     component: str,
     data: CoordComponentStateUpsert,
     db: Session = Depends(get_db),
-    current_user: dict = Depends(get_current_user),
 ):
     """Create or update the state of a component within a project."""
     state = coord_component_service.upsert_component_state(db, project_key, component, data)