fix: scope pg_stat_activity queries by ApplicationName for tenant isolation

DatabaseAdminController's active-queries and kill-query endpoints could
expose SQL text from other tenants sharing the same PostgreSQL instance.
Added ApplicationName=tenant_{id} to the JDBC URL and filter
pg_stat_activity by application_name so each tenant only sees its own
connections.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/DatabaseAdminController.java

@@ -102,6 +102,7 @@ public class DatabaseAdminController {
                        state, query
                 FROM pg_stat_activity
                 WHERE state != 'idle' AND pid != pg_backend_pid() AND datname = current_database()
+                  AND application_name = current_setting('application_name')
                 ORDER BY query_start ASC
                 """, (rs, row) -> new ActiveQueryResponse(
                 rs.getInt("pid"), rs.getDouble("duration_seconds"),
@@ -113,7 +114,7 @@ public class DatabaseAdminController {
     @Operation(summary = "Terminate a query by PID")
     public ResponseEntity<Void> killQuery(@PathVariable int pid, HttpServletRequest request) {
         var exists = jdbc.queryForObject(
-                "SELECT EXISTS(SELECT 1 FROM pg_stat_activity WHERE pid = ? AND pid != pg_backend_pid())",
+                "SELECT EXISTS(SELECT 1 FROM pg_stat_activity WHERE pid = ? AND pid != pg_backend_pid() AND application_name = current_setting('application_name'))",
                 Boolean.class, pid);
         if (!Boolean.TRUE.equals(exists)) {
             throw new ResponseStatusException(HttpStatus.NOT_FOUND, "No active query with PID " + pid);

cameleer3-server-app/src/main/resources/application.yml

@@ -7,7 +7,7 @@ spring:
       max-file-size: 200MB
       max-request-size: 200MB
   datasource:
-    url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/cameleer3?currentSchema=tenant_${cameleer.server.tenant.id}}
+    url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/cameleer3?currentSchema=tenant_${cameleer.server.tenant.id}&ApplicationName=tenant_${cameleer.server.tenant.id}}
     username: ${SPRING_DATASOURCE_USERNAME:cameleer}
     password: ${SPRING_DATASOURCE_PASSWORD:cameleer_dev}
     driver-class-name: org.postgresql.Driver