refactor(file-manager): Separate agent operations, add reserved path protection & sub-workflow support

Summary

This MR introduces a significant refactoring of the File Manager service to improve separation of concerns, enhance security, and add new functionality.

Key Changes

🏗️ Architecture Improvements

Controller Separation

• FileManagerController now handles only generic file operations
• AgentFileManagerController now owns all agent-specific operations (uploads included)
• Clearer API boundaries and responsibility distribution

New Helper Classes

• FileUrlHelper: Centralized S3 URL generation
• ReservedPathValidator: Prevents uploads to system paths
• FileAccessLogHelper: Extracted access logging logic

🔒 Security Enhancements

• Reserved Path Protection: Users cannot upload to agent-space/ or other system paths
• File Usage Type Restriction: Reserved types require specific endpoints with proper validation

✨ New Features

• Sub N8N Workflow Templates: Full CRUD support for sub-workflow JSON files
  • POST /upload/sub-n8n-workflow-templates
  • GET /get/sub-n8n-workflow-templates
  • GET /get-content/sub-n8n-workflow-templates

🧹 Code Quality

• Comprehensive BusinessErrorCode enum with categorized ranges (001-999)
• Removed duplicate code and fixed double dependency injection
• Standardized error handling across all services
• Added unit tests for BusinessErrorCode validation

Breaking Changes

⚠️ Endpoint Migration Required

Agent-specific upload endpoints have moved:

Old Location	New Location
FileManagerController	AgentFileManagerController

API paths remain unchanged (/api/file-manager/*).

Testing

• Unit tests for BusinessErrorCode
• Integration tests for reserved path validation
• E2E tests for sub-workflow templates
• Regression tests for existing functionality