chore(t-paliad-081): doc + dead-code batch (F-5/F-10/F-11/F-15/F-16/F-17/F-18)

Bundle of small audit findings, all doc-only or dead-code:

- F-5: refresh stale escalation-contact comment in models.User —
  Settings UI dropdown shipped 2026-04-29 (t-paliad-066).
- F-10: add "OBSOLETED by migration 018" note to migrations 004/005/006
  so readers stop hunting for the live shape in obsolete files.
- F-11: document the data-loss semantics of dropping
  paliad.partner_unit_events on the 027 down — audit rows are
  append-only telemetry, accepted loss on rollback.
- F-15: drop the patholo_session / patholo_refresh cookie fallback
  added during the 2026-04-16 rebrand. Active users have long since
  been re-authed through the upgrade path; inactive users hit the
  normal /login flow.
- F-16: refresh stale /api/departments comment in team_pages.go to
  /api/partner-units (renamed in t-paliad-070).
- F-17: move internal/db/migrations/_dev/mock_supabase_auth.sql to
  internal/db/devtools/ so a future loosening of the //go:embed
  pattern can't accidentally ship the dev-only fixture.
- F-18: update docs/project-status.md "Audit polish-2" entry — the
  batch shipped via t-paliad-067 / 068 / 073, follow-ups are now
  tracked under the 2026-04-30 re-audit + t-paliad-074.

go build / vet / test clean.

internal/db/migrations/004_akten.up.sql

@@ -1,5 +1,9 @@
 -- Phase A: paliad.akten — the central Akte (matter) entity.
 --
+-- OBSOLETED by migration 018 (data model v2): paliad.akten is dropped and
+-- replaced by paliad.projects. The effective shape lives in 018; this file
+-- is kept only so a fresh database can replay the migration history.
+--
 -- Office-scoped visibility columns (per design §2):
 --   owning_office       — the office the Akte belongs to
 --   collaborators       — uuid[] of users with explicit access (cross-office)

internal/db/migrations/005_akten_children.up.sql

@@ -1,5 +1,10 @@
 -- Phase A: child tables of paliad.akten.
 -- All inherit visibility from their parent Akte via RLS policies in migration 007.
+--
+-- OBSOLETED by migration 018 (data model v2): these tables are renamed/rewired
+-- to hang off paliad.projects (parteien→parties, etc.) and later renamed to
+-- English in migration 020. The effective shape lives in 018+020; this file
+-- is kept only so a fresh database can replay the migration history.
 
 -- ============================================================================
 -- parteien (parties to an Akte)

internal/db/migrations/006_visibility.up.sql

@@ -1,6 +1,11 @@
 -- Phase A: paliad.can_see_akte(akte_id) — single source of truth for
 -- office-scoped Akten visibility (design §2).
 --
+-- OBSOLETED by migration 018 (data model v2): can_see_akte() is dropped and
+-- replaced by paliad.can_see_project(project_id) with team-based visibility
+-- (direct + inherited up the project tree). The effective shape lives in 018;
+-- this file is kept only so a fresh database can replay the migration history.
+--
 -- A user can see an Akte iff ANY of:
 --   - the Akte is flagged firm_wide_visible
 --   - the Akte's owning_office matches the user's office

internal/db/migrations/027_rename_to_partner_units.down.sql

@@ -16,6 +16,12 @@
 -- data restorations.
 
 -- 1. Drop the audit table.
+--
+-- DATA LOSS: paliad.partner_unit_events has no pre-027 equivalent, so its
+-- rows cannot be migrated forward on a re-up. Any audit history accumulated
+-- since 027 was applied will be permanently lost on rollback. This is
+-- accepted because audits are append-only telemetry, not authoritative
+-- state — losing them does not corrupt the rest of the schema.
 DROP TABLE IF EXISTS paliad.partner_unit_events;
 
 -- 2. Rename RLS policies back.