Add ShieldAI browser extension with phishing & spam detection (FRE-4576)

- Extension package: Manifest V3, background service worker, content scripts
- Phishing detection engine with heuristic analysis (typosquatting, entropy, TLD, brand impersonation)
- Local URL caching layer (Storage API) for <100ms cached lookups
- Popup UI with protection status, stats, and phishing report button
- Options page for settings management (blocked/allowed domains, feature toggles)
- Server-side extension routes: URL check, phishing report, auth, stats, exposure check
- Tier-aware feature gating (Basic/Plus/Premium)
- 25 passing tests for phishing detection heuristics
- Declarative net request rules for known phishing patterns
- DarkWatch integration for credential exposure checks
- Firefox compatibility layer via build modes

Co-Authored-By: Paperclip <noreply@paperclip.ing>

packages/api/src/server.ts

@@ -7,6 +7,7 @@ import { authMiddleware } from "./middleware/auth.middleware";
 import { darkwatchRoutes } from "./routes/darkwatch.routes";
 import { voiceprintRoutes } from "./routes/voiceprint.routes";
 import { correlationRoutes } from "./routes/correlation.routes";
+import { extensionRoutes } from "./routes/extension.routes";
 import { initDatadog, initSentry, captureSentryError } from "@shieldai/monitoring";
 import { getCorsOrigins } from "./config/api.config";
 
@@ -40,6 +41,7 @@ async function bootstrap() {
   await app.register(darkwatchRoutes);
   await app.register(voiceprintRoutes);
   await app.register(correlationRoutes);
+  await app.register(extensionRoutes, { prefix: '/extension' });
 
   app.get("/health", async () => ({ status: "ok", timestamp: new Date().toISOString() }));