feat: complete M0 — legal pages, consent, tip_views metrics, account deletion UI

- /legal/terms and /legal/privacy pages (linked from sign-in)
- Consent (consentGiven=true) recorded on first Google sign-in
- tip_views table: one row per tip served — enables activation + reaction rate queries
- tip_views purged on account deletion
- Delete account button on /connect (confirm → revoke tokens → purge data → sign out)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

services/api/src/routes/recommender.ts

@@ -1,7 +1,7 @@
 import { type Router as ExpressRouter, Router, Response } from 'express';
 import { nanoid } from 'nanoid';
 import { db } from '../db/index.js';
-import { integrationTokens, tipFeedback } from '../db/schema.js';
+import { integrationTokens, tipFeedback, tipViews } from '../db/schema.js';
 import { eq, and } from 'drizzle-orm';
 import { requireAuth, AuthenticatedRequest } from '../middleware/session.js';
 import type { Tip } from '@oo/shared-types';
@@ -72,6 +72,14 @@ router.post('/recommend', requireAuth, async (req: AuthenticatedRequest, res: Re
     return;
   }
 
+  // Record metric: tip served
+  await db.insert(tipViews).values({
+    id: nanoid(),
+    userId: req.userId!,
+    tipId: tip.id,
+    servedAt: new Date().toISOString(),
+  });
+
   res.json({ tip });
 });