refactor: rename database → storage

More semantically accurate: contains SQLite files, schema, fixtures, test data.
Updated all references in code, scripts, docs.

docs/MIGRATION_CHECKLIST.md

@@ -52,7 +52,7 @@ sed -i 's/@php -S 127.0.0.1:8000/@php -S 127.0.0.1:8000 -t public\//' justfile
 # 2. Test new dev server
 just serve
 # Visit http://localhost:8000
-# Verify http://localhost:8000/database/test.db returns 404
+# Verify http://localhost:8000/storage/test.db returns 404
 
 # 3. If it works, you're ready for production migration
 ```
@@ -118,13 +118,13 @@ location ^~ /admin/ {
 3. **Remove/update deny rules** (lines 48-60) - These become redundant!
 ```nginx
 # BEFORE - needed because everything in DocumentRoot
-location ^~ /database/ { deny all; }
+location ^~ /storage/ { deny all; }
 location ^~ /shared/ { deny all; }
 location ^~ /data/ { deny all; }
 
 # AFTER - can remove! They're already outside public/
 # But keep as defense-in-depth:
-location ^~ /database/ { deny all; }  # Will never match, but safe
+location ^~ /storage/ { deny all; }  # Will never match, but safe
 ```
 
 ### In justfile:
@@ -191,9 +191,9 @@ deploy:
 test-deploy:
     @echo "⚠️  Deploying test database"
     ssh posterg "mkdir -p /var/www/posterg/database"
-    rsync -vur --progress ./database/test.db posterg:/var/www/posterg/database/
-    ssh posterg "chown www-data:posterg /var/www/posterg/database/test.db && \
-                 chmod 660 /var/www/posterg/database/test.db"
+    rsync -vur --progress ./storage/test.db posterg:/var/www/posterg/storage/
+    ssh posterg "chown www-data:posterg /var/www/posterg/storage/test.db && \
+                 chmod 660 /var/www/posterg/storage/test.db"
     @echo "✅ Test database deployed"
 ```
 
@@ -209,7 +209,7 @@ just serve
 # In another terminal:
 curl http://localhost:8000/                    # ✅ Should work
 curl http://localhost:8000/admin/              # ✅ Should work (after moving)
-curl http://localhost:8000/database/test.db    # ❌ Should 404
+curl http://localhost:8000/storage/test.db    # ❌ Should 404
 curl http://localhost:8000/config/             # ❌ Should 404
 curl http://localhost:8000/vendor/             # ❌ Should 404
 ```
@@ -226,7 +226,7 @@ curl http://localhost:8000/admin/              # ✅ works
 curl http://localhost:8000/assets/css/style.css # ✅ works
 
 # Verify old paths don't work
-curl http://localhost:8000/../database/test.db # ❌ 404
+curl http://localhost:8000/../storage/test.db # ❌ 404
 curl http://localhost:8000/../config/          # ❌ 404
 ```
 
@@ -238,7 +238,7 @@ just server-status
 # Manual checks
 curl -I https://posterg.erg.be/
 curl -I https://posterg.erg.be/admin/
-curl -I https://posterg.erg.be/database/test.db  # Must be 404!
+curl -I https://posterg.erg.be/storage/test.db  # Must be 404!
 ```
 
 ---
@@ -260,7 +260,7 @@ require_once 'database/test.db';
 <?php
 require_once __DIR__ . '/../config/config.php';
 require_once __DIR__ . '/../src/lib/Database.php';
-$db = new PDO('sqlite:' . __DIR__ . '/../database/test.db');
+$db = new PDO('sqlite:' . __DIR__ . '/../storage/test.db');
 ```
 
 **Or use a bootstrap:**
@@ -272,7 +272,7 @@ require_once __DIR__ . '/../config/bootstrap.php';
 // config/bootstrap.php
 define('APP_ROOT', dirname(__DIR__));
 define('PUBLIC_ROOT', APP_ROOT . '/public');
-define('DATABASE_PATH', APP_ROOT . '/database/test.db');
+define('DATABASE_PATH', APP_ROOT . '/storage/test.db');
 
 require_once APP_ROOT . '/vendor/autoload.php';
 ```