fix: base64 uploads, audit log noise, and stale chunk reloads (#69)

## Summary

- **Base64 cover image uploads broken for books, shows, manga, and music** — a premature `validateStringLength` check ran before the data URL detection, rejecting all base64 images with a 2,048-char URL limit error. Also fixed the size calculation to extract only the base64 portion after the comma (matching the correct pattern already in `game.service.ts`).
- **Audit log flooded with expected 401s on `/api/auth/me`** — these occur during normal token refresh flow and are not genuine security events. Excluded this URL from the global 401/403 audit log handler.
- **ChunkLoadError spam after deployments** — when Angular lazy-loaded chunks are missing (stale cache after a redeploy), the global error handler now detects `ChunkLoadError` and silently reloads the page instead of logging the error and sending it to the API/Discord.

## Test plan

- [ ] Upload a base64 cover image for a book, show, manga, and music item — should succeed
- [ ] Verify `/api/auth/me` 401s no longer appear in the audit log
- [ ] Deploy a new build and confirm stale-chunk users are silently reloaded

✨ This PR was created with help from Hikari~ 🌸

Reviewed-on: #69
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>

api/src/app/app.ts

@@ -22,8 +22,8 @@ export async function app(fastify: FastifyInstance, opts: AppOptions) {
       });
     }
 
-    // Log unauthorized access attempts
-    if (error.statusCode === 401 || error.statusCode === 403) {
+    // Log unauthorized access attempts (exclude /api/auth/me as 401s there are expected during token refresh)
+    if ((error.statusCode === 401 || error.statusCode === 403) && request.url !== '/api/auth/me') {
       await AuditService.log({
         action: AuditAction.unauthorizedAccess,
         category: AuditCategory.security,