fix: make plans list public, fix frontend healthcheck IPv6

PlansController had a class-level [Authorize] that gated the public
plans list, contradicting the gateway's optionalAuth on /plans. Mark
List/GetById [AllowAnonymous] and resolve tenant optionally so
anonymous callers receive global plans (purchase/current-plan stay
authenticated).

Frontend container stayed "unhealthy" because busybox wget resolves
localhost to IPv6 [::1] while the Next.js standalone server binds
IPv4 only. Use 127.0.0.1 in the healthcheck.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

docker-compose.v2.yml

@@ -297,7 +297,7 @@ services:
       gateway:
         condition: service_healthy
     healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost:3000 || exit 1"]
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3000 || exit 1"]
       interval: 30s
       timeout: 10s
       retries: 3

services/identity/FlatRender.IdentitySvc/Application/Services/Interfaces/IPlanService.cs

@@ -5,7 +5,7 @@ namespace FlatRender.IdentitySvc.Application.Services.Interfaces;
 
 public interface IPlanService
 {
-    Task<List<PlanResponse>> ListAsync(Guid tenantId, string? scope);
+    Task<List<PlanResponse>> ListAsync(Guid? tenantId, string? scope);
     Task<PlanResponse> GetByIdAsync(Guid planId);
     Task<UserPlanResponse?> GetCurrentPlanAsync(Guid userId);
     Task<PurchasePlanResponse> PurchasePlanAsync(Guid userId, Guid tenantId, PurchasePlanRequest request);

services/identity/FlatRender.IdentitySvc/Application/Services/PlanService.cs

@@ -10,7 +10,7 @@ namespace FlatRender.IdentitySvc.Application.Services;
 
 public class PlanService(IdentityDbContext db) : IPlanService
 {
-    public async Task<List<PlanResponse>> ListAsync(Guid tenantId, string? scope)
+    public async Task<List<PlanResponse>> ListAsync(Guid? tenantId, string? scope)
     {
         var query = db.Plans.Where(p =>
             p.IsActive && p.DeletedAt == null &&

services/identity/FlatRender.IdentitySvc/Controllers/PlansController.cs

@@ -11,15 +11,16 @@ namespace FlatRender.IdentitySvc.Controllers;
 [Authorize]
 public class PlansController(IPlanService planService) : ControllerBase
 {
+    [AllowAnonymous]
     [HttpGet("plans")]
     [ProducesResponseType(typeof(object), 200)]
     public async Task<IActionResult> List([FromQuery] string? scope)
     {
-        var tenantId = GetTenantId();
+        var plans = await planService.ListAsync(GetTenantIdOrNull(), scope);
-        var plans = await planService.ListAsync(tenantId, scope);
         return Ok(new { data = plans });
     }
 
+    [AllowAnonymous]
     [HttpGet("plans/{planId:guid}")]
     [ProducesResponseType(typeof(PlanResponse), 200)]
     public async Task<IActionResult> GetById(Guid planId)
@@ -43,4 +44,7 @@ public class PlansController(IPlanService planService) : ControllerBase
 
     private Guid GetTenantId() => Guid.Parse(User.FindFirst("tenant_id")?.Value
         ?? throw new UnauthorizedAccessException());
+
+    private Guid? GetTenantIdOrNull() => User.FindFirst("tenant_id")?.Value is { } t && Guid.TryParse(t, out var id)
+        ? id : null;
 }