feat: add domain-based access control for API keys (#198)

Co-authored-by: Claude <noreply@anthropic.com>

apps/web/prisma/migrations/20250822125136_add_domain_access_to_api_keys/migration.sql

@@ -0,0 +1,5 @@
+-- AlterTable
+ALTER TABLE "ApiKey" ADD COLUMN     "domainId" INTEGER;
+
+-- AddForeignKey
+ALTER TABLE "ApiKey" ADD CONSTRAINT "ApiKey_domainId_fkey" FOREIGN KEY ("domainId") REFERENCES "Domain"("id") ON DELETE SET NULL ON UPDATE CASCADE;

apps/web/prisma/schema.prisma

@@ -195,6 +195,7 @@ model Domain {
   createdAt     DateTime     @default(now())
   updatedAt     DateTime     @updatedAt
   team          Team         @relation(fields: [teamId], references: [id], onDelete: Cascade)
+  apiKeys       ApiKey[]
 }
 
 enum ApiPermission {
@@ -209,11 +210,13 @@ model ApiKey {
   partialToken String
   name         String
   permission   ApiPermission @default(SENDING)
+  domainId     Int?
   createdAt    DateTime      @default(now())
   updatedAt    DateTime      @updatedAt
   lastUsed     DateTime?
   teamId       Int
   team         Team          @relation(fields: [teamId], references: [id], onDelete: Cascade)
+  domain       Domain?       @relation(fields: [domainId], references: [id], onDelete: Cascade)
 }
 
 enum EmailStatus {