feat: add S3 storage support, policy migration, and quota enforcement

- Add S3StorageService with AWS Signature V4 signing (URI-encoded for non-ASCII keys)
- Add PATCH /object/{id}/policy endpoint for switching storage policies with background migration
- Implement cross-storage file migration service (local <-> S3)
- Replace deprecated StorageType enum with PolicyType (local/s3)
- Implement GET /user/settings/policies endpoint (was 501 stub)
- Add storage quota pre-allocation on upload session creation to prevent concurrent bypass
- Fix BigInteger for max_storage and user.storage to support >2GB values
- Add policy permission validation on upload and directory creation
- Use group's first policy as default on registration instead of hardcoded name
- Define TaskType.POLICY_MIGRATE and extend TaskProps with migration fields

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

routers/api/v1/user/__init__.py

@@ -247,11 +247,12 @@ async def router_user_register(
     )
     await identity.save(session)
 
-    # 8. 创建用户根目录
-    default_policy = await sqlmodels.Policy.get(session, sqlmodels.Policy.name == "本地存储")
-    if not default_policy:
-        logger.error("默认存储策略不存在")
+    # 8. 创建用户根目录（使用用户组关联的第一个存储策略）
+    await session.refresh(default_group, ['policies'])
+    if not default_group.policies:
+        logger.error("默认用户组未关联任何存储策略")
         http_exceptions.raise_internal_error()
+    default_policy = default_group.policies[0]
 
     await sqlmodels.Object(
         name="/",