feat: coord API — no-auth, DB softfail 503, agent tracking protocol

- coord routers: removed JWT auth requirement (internal-only endpoints)
- error_handler: SQLAlchemy OperationalError/DisconnectionError → 503
  with Retry-After: 30 header instead of 500
- /health: live DB probe (SELECT 1) instead of static response
- CLAUDE.md: "Live State Tracking" section with full agent protocol
  for all projects — session start, lock claim/release, component
  state updates, softfail + local queue catch-up
- COORDINATION_PROTOCOL.md: softfail/catch-up section + server-side
  503 behavior documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

api/routers/coord_status.py

@@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends, status
 from sqlalchemy.orm import Session
 
 from api.database import get_db
-from api.middleware.auth import get_current_user
 from api.schemas.coord_session_lock import CoordSessionLockResponse
 from api.schemas.coord_workflow import CoordWorkflowResponse
 from api.schemas.coord_component_state import CoordComponentStateResponse
@@ -16,7 +15,6 @@ router = APIRouter()
 @router.get("", response_model=dict, status_code=status.HTTP_200_OK)
 def get_coordination_status(
     db: Session = Depends(get_db),
-    current_user: dict = Depends(get_current_user),
 ):
     """Return a cross-project snapshot: active locks, in-progress workflows, component states, unread message counts."""
     active_locks, lock_total = coord_lock_service.get_active_locks(db, limit=200)