style(app): apply eslint --fix to Tier 2 (TypeScript plumbing)

WS-3 session 1b-i Tier 2.

Scope: composables, lib, stores, plugins, types, utils, navigation,
main.ts. Mechanical fixes only — predominantly newline-before-return,
arrow-parens, antfu/if-newline, padding-line-between-statements, plus
one unicorn/prefer-includes (.some(p => x === p) → .includes(x))
in router guards.

Excludes (per session prompt):
- apps/app/vite.config.ts (Tier 3)
- apps/app/themeConfig.ts (Tier 3)
- apps/app/vitest.config.ts (Tier 3)
- All .vue files (already in Tier 1)

Hand-reviewed diffs for the three auth/router-critical files before
committing:
- src/lib/axios.ts: reviewed clean. Pure mechanical (quote-props on
  Accept header, curly-strip on single-statement ifs, one blank line
  before impersonationStore.clearState()). No type-import changes,
  no logic touched.
- src/stores/useAuthStore.ts: reviewed clean. curly-strip + padding
  before returns. The initialize()/doInitialize() race-condition guard
  on isInitialized is preserved verbatim.
- src/plugins/1.router/guards.ts: reviewed clean. if-newline reformat
  + one .some() → .includes() rewrite that's behaviorally identical
  for primitive equality on the guestOnlyPaths string array.

Tests + typecheck verified green post-fix:
- apps/app vitest: 49 passed (unchanged)
- apps/app vue-tsc: clean (unchanged)

Lint baseline progression:
- Pre-Tier-2: 422 problems (post-Tier-1)
- Post-Tier-2: 246 problems

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

apps/app/src/plugins/1.router/guards.ts

@@ -7,9 +7,8 @@ export function setupGuards(router: Router) {
     const authStore = useAuthStore()
 
     // Wait for initialization to complete (only blocks on first navigation)
-    if (!authStore.isInitialized) {
+    if (!authStore.isInitialized)
       await authStore.initialize()
-    }
 
     if (import.meta.env.DEV) {
       console.log('🔒 Router Guard:', {
@@ -24,40 +23,55 @@ export function setupGuards(router: Router) {
     // Allow public routes (login, auth pages, 404) — but redirect authenticated users away from login
     if (isPublic) {
       const guestOnlyPaths = ['/login', '/forgot-password', '/reset-password', '/verify-email-change']
-      if (authStore.isAuthenticated && guestOnlyPaths.some(p => to.path === p)) {
-        if (import.meta.env.DEV) console.log('🔄 Redirecting logged-in user away from login page')
+      if (authStore.isAuthenticated && guestOnlyPaths.includes(to.path)) {
+        if (import.meta.env.DEV)
+          console.log('🔄 Redirecting logged-in user away from login page')
+
         return { name: 'dashboard' }
       }
-      if (import.meta.env.DEV) console.log('✅ Public route, allowing access')
+      if (import.meta.env.DEV)
+        console.log('✅ Public route, allowing access')
+
       return
     }
 
     // Routes that opt out of auth (e.g. invitations)
     if (to.meta.requiresAuth === false) {
-      if (import.meta.env.DEV) console.log('✅ Route does not require auth')
+      if (import.meta.env.DEV)
+        console.log('✅ Route does not require auth')
+
       return
     }
 
     // Not authenticated → redirect to login with return URL
     if (!authStore.isAuthenticated) {
-      if (import.meta.env.DEV) console.log('🚫 Not authenticated, redirecting to login')
+      if (import.meta.env.DEV)
+        console.log('🚫 Not authenticated, redirecting to login')
+
       return { path: '/login', query: { to: to.fullPath } }
     }
 
     // MFA enforcement — redirect to security settings if MFA setup is required
     if (authStore.mfaSetupRequired && to.path !== '/account-settings') {
-      if (import.meta.env.DEV) console.log('🔒 MFA setup required, redirecting to security settings')
+      if (import.meta.env.DEV)
+        console.log('🔒 MFA setup required, redirecting to security settings')
+
       return { path: '/account-settings', query: { tab: 'security' } }
     }
 
     // Platform admin routes — require super_admin role
     if (to.path.startsWith('/platform')) {
       if (!authStore.isSuperAdmin) {
-        if (import.meta.env.DEV) console.log('🚫 Not a super admin, redirecting to dashboard')
+        if (import.meta.env.DEV)
+          console.log('🚫 Not a super admin, redirecting to dashboard')
+
         return { name: 'dashboard' }
       }
+
       // Platform routes don't require organisation selection
-      if (import.meta.env.DEV) console.log('✅ Super admin access to platform route')
+      if (import.meta.env.DEV)
+        console.log('✅ Super admin access to platform route')
+
       return
     }
 
@@ -66,16 +80,21 @@ export function setupGuards(router: Router) {
     const isSelectOrgPage = to.path === '/select-organisation'
 
     if (isSelectOrgPage) {
-      if (import.meta.env.DEV) console.log('✅ Organisation selection page')
+      if (import.meta.env.DEV)
+        console.log('✅ Organisation selection page')
+
       return
     }
 
     // If user has organisations but none selected → redirect to selection
     if (authStore.organisations.length > 0 && !orgStore.hasOrganisation) {
-      if (import.meta.env.DEV) console.log('🔄 No organisation selected, redirecting')
+      if (import.meta.env.DEV)
+        console.log('🔄 No organisation selected, redirecting')
+
       return { path: '/select-organisation' }
     }
 
-    if (import.meta.env.DEV) console.log('✅ Access granted')
+    if (import.meta.env.DEV)
+      console.log('✅ Access granted')
   })
 }