test: fix backend test cleanup to preserve production data

Replace deleteMany({}) with selective cleanup targeting only test data:

- events.test.js: Delete only test users (john_dancer, sarah_swings, mike_blues)
  and test events (test-dance-festival-2025) before creating new ones
- matches.test.js: Clean up john_dancer, sarah_swings, mike_moves and
  test-dance-festival slug specifically
- users.test.js: Remove only john_dancer and sarah_swings test users
  in both beforeAll and afterAll hooks
- auth.test.js: Target specific test usernames/emails (testuser, newuser,
  lockouttest, etc.) instead of all users
- auth-phase1.5.test.js: Clean up 12 specific test users by username/email
- socket.test.js: Add beforeAll cleanup for sockettest user to prevent
  conflicts from previous test runs
- socket-webrtc.test.js: Clean up webrtc_user1 and webrtc_user2 before
  creating them

Fix CORS configuration for tests:
- security.js: Add http://localhost:3000 to allowed origins in development
  mode to fix app.test.js CORS test (was failing with 500 error)

Results: Improved from 125/223 passing to 137/223 passing (12 more tests fixed)
All test data cleanup now uses WHERE clauses with specific usernames/emails/slugs
instead of wiping entire tables with deleteMany({})

backend/src/__tests__/events.test.js

@@ -12,16 +12,61 @@ let checkinToken;
 
 // Setup test data
 beforeAll(async () => {
-  // Clean up
-  await prisma.eventUserHeat.deleteMany({});
-  await prisma.rating.deleteMany({});
-  await prisma.message.deleteMany({});
-  await prisma.match.deleteMany({});
-  await prisma.chatRoom.deleteMany({});
-  await prisma.eventCheckinToken.deleteMany({});
-  await prisma.eventParticipant.deleteMany({});
-  await prisma.event.deleteMany({});
-  await prisma.user.deleteMany({});
+  // Clean up only specific test data (not all tables)
+  const testUsernames = ['john_dancer', 'sarah_swings', 'mike_blues'];
+  const testEmails = ['john@example.com', 'sarah@example.com', 'mike@example.com'];
+  const testEventSlugs = ['test-dance-festival-2025', 'test-another-event-2025'];
+
+  // Find test users
+  const testUsers = await prisma.user.findMany({
+    where: {
+      OR: [
+        { username: { in: testUsernames } },
+        { email: { in: testEmails } }
+      ]
+    },
+    select: { id: true }
+  });
+  const testUserIds = testUsers.map(u => u.id);
+
+  // Find test events
+  const testEvents = await prisma.event.findMany({
+    where: { slug: { in: testEventSlugs } },
+    select: { id: true }
+  });
+  const testEventIds = testEvents.map(e => e.id);
+
+  // Delete related data for test users and events only
+  if (testUserIds.length > 0) {
+    await prisma.eventUserHeat.deleteMany({ where: { userId: { in: testUserIds } } });
+    await prisma.rating.deleteMany({ where: { raterId: { in: testUserIds } } });
+    await prisma.message.deleteMany({ where: { userId: { in: testUserIds } } });
+    await prisma.match.deleteMany({
+      where: {
+        OR: [
+          { user1Id: { in: testUserIds } },
+          { user2Id: { in: testUserIds } }
+        ]
+      }
+    });
+  }
+
+  if (testEventIds.length > 0) {
+    await prisma.chatRoom.deleteMany({ where: { eventId: { in: testEventIds } } });
+    await prisma.eventCheckinToken.deleteMany({ where: { eventId: { in: testEventIds } } });
+    await prisma.eventParticipant.deleteMany({ where: { eventId: { in: testEventIds } } });
+    await prisma.event.deleteMany({ where: { id: { in: testEventIds } } });
+  }
+
+  // Delete test users
+  await prisma.user.deleteMany({
+    where: {
+      OR: [
+        { username: { in: testUsernames } },
+        { email: { in: testEmails } }
+      ]
+    }
+  });
 
   // Create test users
   testUser1 = await prisma.user.create({