feat: grant Elysian role on auth and prompt non-members to join (#134)

## Summary

- Grants the Elysian Discord role to players on login/registration and persists an `inGuild` flag on the Player record
- Connects to the Discord Gateway via WebSocket to keep `inGuild` in sync as players join or leave the server
- Shows a dismissible "Join our community" modal to players who are not yet in the guild
- Hardens `inGuild` exposure through the load endpoint and game context
- Moves all non-secret Discord IDs (guild, role, client, redirect URI) out of env vars and into hardcoded constants; removes them from `prod.env`

## Test plan

- [ ] Lint, build, and test pipeline passes (100% coverage maintained)
- [ ] New player auth grants Elysian role and sets `inGuild: true`
- [ ] Existing player auth re-attempts role grant and updates `inGuild`
- [ ] Join community modal appears for players not in the guild
- [ ] Modal does not reappear within the same browser session after dismissal
- [ ] Gateway correctly sets `inGuild: true/false` on member add/remove events

✨ This issue was created with help from Hikari~ 🌸

Reviewed-on: #134
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>

apps/api/src/services/webhook.ts

@@ -15,6 +15,49 @@ const discordApi = "https://discord.com/api/v10";
  */
 const suppressNotifications = 4096;
 
+/**
+ * The Discord role ID for the Elysian role granted to all Elysium players.
+ */
+const discordGuildId = "1354624415861833870";
+const elysianRoleId = "1486144823684628490";
+const apotheosisRoleId = "1479966598210129991";
+
+/**
+ * Grants the Elysian Discord role to the given player and returns whether they are in the guild.
+ * Fails silently so role grant errors do not affect the auth flow.
+ * @param discordId - The Discord user ID to grant the role to.
+ * @returns True if the player is in the guild and the role was granted, false otherwise.
+ */
+const grantElysianRole = async(discordId: string): Promise<boolean> => {
+  const botToken = process.env.DISCORD_BOT_TOKEN;
+
+  if (botToken === undefined || botToken === "") {
+    return false;
+  }
+
+  try {
+    const response = await fetch(
+      `${discordApi}/guilds/${discordGuildId}/members/${discordId}/roles/${elysianRoleId}`,
+      {
+        headers: {
+          "Authorization": `Bot ${botToken}`,
+          "User-Agent":    "DiscordBot (https://elysium.nhcarrigan.com, 1.0.0)",
+        },
+        method: "PUT",
+      },
+    );
+    return response.ok || response.status === 204;
+  } catch (error) {
+    void logger.error(
+      "webhook_elysian_role",
+      error instanceof Error
+        ? error
+        : new Error(String(error)),
+    );
+    return false;
+  }
+};
+
 /**
  * Grants the apotheosis Discord role to the given player if configured.
  * Fails silently so role grant errors do not affect the game action.
@@ -23,23 +66,20 @@ const suppressNotifications = 4096;
  */
 const grantApotheosisRole = async(discordId: string): Promise<void> => {
   const botToken = process.env.DISCORD_BOT_TOKEN;
-  const guildId = process.env.DISCORD_GUILD_ID;
-  const roleId = process.env.DISCORD_APOTHEOSIS_ROLE_ID;
 
-  if (
-    botToken === undefined || botToken === ""
-    || guildId === undefined || guildId === ""
-    || roleId === undefined || roleId === ""
-  ) {
+  if (botToken === undefined || botToken === "") {
     return;
   }
 
   try {
     await fetch(
-      `${discordApi}/guilds/${guildId}/members/${discordId}/roles/${roleId}`,
+      `${discordApi}/guilds/${discordGuildId}/members/${discordId}/roles/${apotheosisRoleId}`,
       {
-        headers: { Authorization: `Bot ${botToken}` },
-        method:  "PUT",
+        headers: {
+          "Authorization": `Bot ${botToken}`,
+          "User-Agent":    "DiscordBot (https://elysium.nhcarrigan.com, 1.0.0)",
+        },
+        method: "PUT",
       },
     );
   } catch (error) {
@@ -109,4 +149,4 @@ const postMilestoneWebhook = async(
   }
 };
 
-export { grantApotheosisRole, postMilestoneWebhook };
+export { grantApotheosisRole, grantElysianRole, postMilestoneWebhook };