badges: per-tier search limits — result cap + min chars, config UI

Add anonymous/auth/trusted search constraints to BadgesRemoteCfg with
conservative defaults (anon: 15 results / 3 chars, auth: 25 / 2,
trusted+: 150 / 1). Configurable per event via mod_badges_json.

- BadgesRemoteCfg + BadgesLocState: 6 new fields with defaults
- sync_config__event_badges: mirrors new fields from mod_badges_json
- +page.svelte: effective_search_limits derived by tier using $ae_loc
  cumulative flags; enforces min_chars guard and result cap on both
  local IDB path and API call
- ae_comp__badge_search: effective_min_chars derived same way; blocks
  search trigger below threshold; shows dynamic hint text
- Fallback broad search (SCENARIO 2) suppressed for non-trusted users
  so no results show on page load without a query
- config/+page.svelte: Search Limits section with 3-column number
  inputs (Anonymous / Auth / Trusted+) for result limit and min chars

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/lib/ae_events/ae_events__event.ts

@@ -1095,6 +1095,14 @@ export function sync_config__event_badges({
     loc.enable_search_qr = badges_cfg_remote?.enable_search_qr ?? true;
     loc.qr_type = badges_cfg_remote?.qr_type ?? null;
 
+    // Per-tier search constraints
+    loc.anon_search_result_limit = badges_cfg_remote?.anon_search_result_limit ?? 15;
+    loc.anon_search_min_chars    = badges_cfg_remote?.anon_search_min_chars    ?? 3;
+    loc.auth_search_result_limit = badges_cfg_remote?.auth_search_result_limit ?? 25;
+    loc.auth_search_min_chars    = badges_cfg_remote?.auth_search_min_chars    ?? 2;
+    loc.trusted_search_result_limit = badges_cfg_remote?.trusted_search_result_limit ?? 150;
+    loc.trusted_search_min_chars    = badges_cfg_remote?.trusted_search_min_chars    ?? 1;
+
     // Passcodes and permissions (may be null)
     loc.trusted_passcode = badges_cfg_remote?.trusted_passcode ?? null;
     loc.administrator_passcode = badges_cfg_remote?.administrator_passcode ?? null;