feat: add match slugs for security and fix message history loading

Security improvements:
- Add random CUID slugs to Match model to prevent ID enumeration attacks
- Update all match URLs from /matches/:id to /matches/:slug
- Keep numeric IDs for internal Socket.IO operations only

Backend changes:
- Add slug field to matches table with unique index
- Update all match endpoints to use slug-based lookups (GET, PUT, DELETE)
- Add GET /api/matches/:slug/messages endpoint to fetch message history
- Include matchSlug in all Socket.IO notifications

Frontend changes:
- Update all match routes to use slug parameter
- Update MatchesPage to use slug for accept/reject/navigate operations
- Update MatchChatPage to fetch match data by slug and load message history
- Update RatePartnerPage to use slug parameter
- Add matchesAPI.getMatchMessages() function

Bug fixes:
- Fix MatchChatPage not loading message history from database on mount
- Messages now persist and display correctly when users reconnect

frontend/src/services/api.js

@@ -286,24 +286,29 @@ export const matchesAPI = {
     return data;
   },
 
-  async getMatch(matchId) {
-    const data = await fetchAPI(`/matches/${matchId}`);
+  async getMatch(matchSlug) {
+    const data = await fetchAPI(`/matches/${matchSlug}`);
     return data;
   },
 
-  async acceptMatch(matchId) {
-    const data = await fetchAPI(`/matches/${matchId}/accept`, {
+  async acceptMatch(matchSlug) {
+    const data = await fetchAPI(`/matches/${matchSlug}/accept`, {
       method: 'PUT',
     });
     return data;
   },
 
-  async deleteMatch(matchId) {
-    const data = await fetchAPI(`/matches/${matchId}`, {
+  async deleteMatch(matchSlug) {
+    const data = await fetchAPI(`/matches/${matchSlug}`, {
       method: 'DELETE',
     });
     return data;
   },
+
+  async getMatchMessages(matchSlug) {
+    const data = await fetchAPI(`/matches/${matchSlug}/messages`);
+    return data;
+  },
 };
 
 export { ApiError };