feat: 구매/안전 시스템 전면 개편 — tkpurchase 개편 + tksafety 신규 + 권한 보강

Phase 1: tkuser 협력업체 CRUD 이관 (읽기전용 → 전체 CRUD)
Phase 2: tkpurchase 개편 — 일용공 신청/확정, 작업일정, 업무현황, 계정관리, 협력업체 포털
Phase 3: tksafety 신규 시스템 — 방문관리 + 안전교육 신고
Phase 4: SSO 인증 보강 (partner_company_id JWT, 만료일 체크), 권한 테이블 기반 접근 제어

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker-compose.yml

@@ -325,6 +325,46 @@ services:
     networks:
       - tk-network
 
+  # =================================================================
+  # Safety Management (tksafety)
+  # =================================================================
+
+  tksafety-api:
+    build:
+      context: ./tksafety/api
+      dockerfile: Dockerfile
+    container_name: tk-tksafety-api
+    restart: unless-stopped
+    ports:
+      - "30500:3000"
+    environment:
+      - NODE_ENV=production
+      - PORT=3000
+      - DB_HOST=mariadb
+      - DB_PORT=3306
+      - DB_USER=${MYSQL_USER:-hyungi_user}
+      - DB_PASSWORD=${MYSQL_PASSWORD}
+      - DB_NAME=${MYSQL_DATABASE:-hyungi}
+      - SSO_JWT_SECRET=${SSO_JWT_SECRET}
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    networks:
+      - tk-network
+
+  tksafety-web:
+    build:
+      context: ./tksafety/web
+      dockerfile: Dockerfile
+    container_name: tk-tksafety-web
+    restart: unless-stopped
+    ports:
+      - "30580:80"
+    depends_on:
+      - tksafety-api
+    networks:
+      - tk-network
+
   # =================================================================
   # AI Service — 맥미니로 이전됨 (~/docker/tk-ai-service/)
   # =================================================================
@@ -386,6 +426,7 @@ services:
       - system2-web
       - system3-web
       - tkpurchase-web
+      - tksafety-web
     networks:
       - tk-network