Migrate 25 route files to throw-based error handling

Converted routes:
- All auth routes (totp.js, keys.js, sso-gate.js)
- Recipe deployment routes (deploy.js, manage.js, index.js)
- App deployment routes
- Config routes (assets, backup, settings)
- ARR routes (config, credentials)
- Infrastructure routes (dns, services, sites, logs)
- Additional routes (browse, ca, health, license, notifications, tailscale, updates)

Changes:
- Replaced ctx.errorResponse() with throw statements
- Replaced errorResponse() with throw statements
- Added proper error imports to each file
- 400 errors → ValidationError
- 401 errors → AuthenticationError
- 403 errors → ForbiddenError
- 404 errors → NotFoundError
- 409 errors → ConflictError
- 500 errors → Handled by middleware

Result: 25 files migrated, ~150 error responses standardized

dashcaddy-api/routes/license.js

@@ -1,5 +1,6 @@
 const express = require('express');
 const { success, error: errorResponse } = require('../response-helpers');
+const { ValidationError } = require('../errors');
 
 /**
  * License routes factory
@@ -15,7 +16,7 @@ module.exports = function({ licenseManager, asyncHandler }) {
   router.post('/activate', asyncHandler(async (req, res) => {
     const { code } = req.body;
     if (!code) {
-      return errorResponse(res, 'License code is required', 400);
+      throw new ValidationError('License code is required');
     }
 
     const result = await licenseManager.activate(code);