fix: validate API key prefixes before creation

[KirillYarkov]

Summary

• Validate and trim API key prefixes before calling better-auth.
• Treat empty trimmed prefixes as undefined.
• Surface API key creation errors in the UI instead of showing only a generic failure toast.
• Add client-side form validation with a clear prefix message.
• Add regression coverage for missing, valid, invalid, trimmed, empty, and server-returned prefix errors.

Root Cause

user.createApiKey accepted any prefix string and passed it through to better-auth. Invalid prefixes were rejected there as a generic error, which surfaced through tRPC as INTERNAL_SERVER_ERROR / HTTP 500 instead of a client validation error. The UI also discarded server error details and always showed Failed to generate API key.

Validation

• npx --yes pnpm@10.22.0 --dir apps/dokploy exec vitest --config __test__/vitest.config.ts __test__/user/create-api-key-errors.test.ts __test__/user/create-api-key.test.ts --run
• npx --yes pnpm@10.22.0 exec biome check apps/dokploy/__test__/user/create-api-key-errors.test.ts apps/dokploy/__test__/user/create-api-key.test.ts apps/dokploy/components/dashboard/settings/api/api-key-errors.ts apps/dokploy/components/dashboard/settings/api/add-api-key.tsx apps/dokploy/server/api/routers/user.ts packages/server/src/services/user.ts
• npx --yes pnpm@10.22.0 --filter=dokploy typecheck
• npx --yes pnpm@10.22.0 --filter=@dokploy/server typecheck

Note: local checks ran under Node v18.19.1, while .nvmrc specifies Node 24.4.0, so pnpm emitted engine warnings.