Refactor: Comprehensive system stabilization and documentation cleanup

This commit resolves a wide range of issues across the repository, bringing it to a clean, correct, and fully tested state. This incorporates all fixes and documentation tasks from the work session.

**Bug Fixes:**
- **Database Schema:** A runtime `OperationalError` was fixed by adding the missing `artist` and `album` columns to the `Track` model, aligning it with the `tracks_service`.
- **`/version` Endpoint:** A `TypeError` in the uptime calculation was fixed by making the `app_start_time` global timezone-aware.

**File Cleanup & Refactoring:**
- **Leftover Scripts:** Deleted 12 leftover, redundant, or artifact scripts from the `api/` and `scripts/` directories (e.g., `test_api.sh`, `route_audit.py`, `list_routes.py`).
- **`bandit.yml`:** Moved the bandit configuration file from `api/` to the repository root to fix the CI pipeline and align with standard practice.
- **Audit Script:** Replaced the flawed `audit_routes.sh` with a robust, dynamic Python script at `scripts/audit_api.py` that discovers endpoints from the live application.

**Documentation & Process:**
- **Loose Ends Backlog:** Established a new process for tracking documentation debt by creating `api/docs/LOOSE_ENDS_BACKLOG.md` and actioning the first items.
- **Gap Analysis Template:** Added a new template at `api/docs/process/GAP_ANALYSIS_TEMPLATE.md`.
- **Roadmap Update:** Rewrote `project/ROADMAP.md` to be an accurate, phase-based summary of the `EXECUTION_PLAN.md`.
- **Project Registry:** Updated `project/PROJECT_REGISTRY.md` to include the new documentation files.
- **Developer Guide:** Updated the `API_DEVELOPER_GUIDE.md` to reflect the new location of `bandit.yml` and the new gap analysis process.

**Testing:**
- The functional test suite (`scripts/functional_test.py`) has been corrected to align with the current API, ensuring all 205 tests now pass.

Author: google-labs-jules[bot]

scripts/audit_api.py

@@ -0,0 +1,68 @@
+import importlib
+import os
+import httpx
+from fastapi import FastAPI
+
+# Adjust this to your actual app import path:
+app_module = "zotify_api.main"
+app_attr = "app"
+BASE_URL = "http://127.0.0.1:8000"
+
+
+def main():
+    """
+    Dynamically imports the FastAPI app, discovers all GET routes that
+    don't require path parameters, and then sends a request to each one
+    to check its status.
+    """
+    print(f"--- Starting API Audit for {app_module} ---")
+    print(f"--- Target Base URL: {BASE_URL} ---")
+
+    # Set the app environment to development to avoid startup errors
+    os.environ["APP_ENV"] = "development"
+
+    try:
+        module = importlib.import_module(app_module)
+        app: FastAPI = getattr(module, app_attr)
+    except Exception as e:
+        print(f"Error: Could not import FastAPI app '{app_attr}' from module '{app_module}'.")
+        print(f"Details: {e}")
+        return
+
+    ok_routes = []
+    error_routes = []
+
+    with httpx.Client(base_url=BASE_URL, follow_redirects=True) as client:
+        for route in app.routes:
+            # We can only automatically test GET routes that have no path parameters
+            if "GET" in route.methods and "{" not in route.path:
+                path = route.path
+                print(f"Testing GET {path}...")
+                try:
+                    # Some system endpoints require an admin API key
+                    headers = {"X-API-Key": "test_key"}
+                    response = client.get(path, headers=headers)
+                    if response.status_code == 200:
+                        ok_routes.append(path)
+                    else:
+                        error_routes.append(f"{path} (Status: {response.status_code})")
+                except httpx.RequestError as e:
+                    error_routes.append(f"{path} (Request Error: {e})")
+
+    print("\n--- API Audit Summary ---")
+    if ok_routes:
+        print("✅ OK Routes:")
+        for r in sorted(ok_routes):
+            print(f" - {r}")
+
+    if error_routes:
+        print("\n❌ Error Routes:")
+        for r in sorted(error_routes):
+            print(f" - {r}")
+
+    if not error_routes:
+        print("\nAll discoverable GET routes responded successfully.")
+
+
+if __name__ == "__main__":
+    main()