fix: req annexes, add HTMX inline file validation (MIME/size)

- Annexes file input now required when 'has_annexes' checkbox is checked
- PHP-side validation: if has_annexes but no files, throw error
- HTMX inline file validation: POSTs to validate-file-fragment on file change
  - Validates MIME type against per-field whitelists (couverture, note_intention,
    tfe, annexes)
  - Validates file size with PDF-specific 100MB limit
  - Supports both single-file and multi-file inputs
  - Returns green ✓ or red ✕ inline validation messages
- Shared validation logic in src/Controllers/validate-file-fragment-shared.php
- Admin wrapper: admin/validate-file-fragment.php (with AdminAuth guard)
- Partage route: /partage/validate-file-fragment (dispatched via index.php)
- CSS: .file-validation-msg, .fv-ok (green), .fv-error (red)
- file-field.php: accepts $fieldName for per-input validation type,
  auto-detects admin/partage validate URL

app/templates/partials/form/file-field.php

@@ -10,19 +10,35 @@
  *   bool        $required  — whether the field is required; default false
  *   bool        $multiple  — whether to allow multiple file selection; default false
  *   string|null $id        — override the id attribute (defaults to $name)
+ *   string|null $fieldName — validation field name for HTMX inline validation ('couverture', 'note_intention', 'tfe', 'annexes')
  */
 
-$accept   = $accept   ?? '';
-$hint     = $hint     ?? null;
-$hintRaw  = $hintRaw  ?? false; // when true, $hint is emitted as raw HTML
-$required = $required ?? false;
-$multiple = $multiple ?? false;
-$id       = $id       ?? $name;
+$accept    = $accept    ?? '';
+$hint      = $hint      ?? null;
+$hintRaw   = $hintRaw   ?? false; // when true, $hint is emitted as raw HTML
+$required  = $required  ?? false;
+$multiple  = $multiple  ?? false;
+$id        = $id        ?? $name;
+$fieldName = $fieldName ?? $name; // validation field name
 $previewId = 'fp-' . htmlspecialchars($id);
+
+// Determine HTMX POST endpoint for inline file validation
+if (defined('ADMIN_MODE') && ADMIN_MODE) {
+    $validateUrl = '/admin/validate-file-fragment.php';
+} else {
+    $validateUrl = '/partage/validate-file-fragment';
+}
 ?>
 <div>
     <label for="<?= htmlspecialchars($id) ?>"><?= htmlspecialchars($label) ?><?= $required ? ' <span class="asterisk">*</span>' : '' ?></label>
-    <div class="admin-file-input">
+    <div class="admin-file-input"
+         hx-post="<?= htmlspecialchars($validateUrl) ?>"
+         hx-encoding="multipart/form-data"
+         hx-trigger="change from:input[type='file']"
+         hx-target="find .file-validation-msg"
+         hx-swap="innerHTML"
+         hx-include="[name='admin_mode'], [name='edit_mode'], [name='field_name']">
+        <input type="hidden" name="field_name" value="<?= htmlspecialchars($fieldName) ?>">
         <input type="file"
                id="<?= htmlspecialchars($id) ?>"
                name="<?= htmlspecialchars($name) ?><?= $multiple ? '[]' : '' ?>"
@@ -30,6 +46,7 @@ $previewId = 'fp-' . htmlspecialchars($id);
                <?= $multiple ? 'multiple' : '' ?>
                <?= $required ? 'required' : '' ?>
                data-preview="<?= $previewId ?>">
+        <div class="file-validation-msg" aria-live="polite"></div>
         <div id="<?= $previewId ?>" class="file-preview-list" aria-live="polite"></div>
         <?php if ($hint): ?>
         <small><?= $hintRaw ? $hint : htmlspecialchars($hint) ?></small>
@@ -37,4 +54,4 @@ $previewId = 'fp-' . htmlspecialchars($id);
     </div>
 </div>
 <?php
-unset($accept, $hint, $hintRaw, $required, $multiple, $id, $previewId);
+unset($accept, $hint, $hintRaw, $required, $multiple, $id, $fieldName, $previewId, $validateUrl);