feat: remove OTP gate from transactions, fix categories auth, add implementation plan

- Remove OtpGateGuard from transactions controller (OTP verified at login)
- Fix categories controller to use authenticated user instead of TEMP_USER_ID
- Add comprehensive implementation plan document
- Update .env.example with WEB_APP_URL
- Prepare for admin dashboard development

apps/api/src/health/health.controller.ts

@@ -16,4 +16,4 @@ export class HealthController {
     await this.prisma.$queryRaw`SELECT 1`;
     return { db: 'connected' };
   }
-}
+}