fix(upload): use correct experimental.proxyClientMaxBodySize key + client-side size guard

The previous attempt put 'middlewareClientMaxBodySize' at the top level of
NextConfig — Next 16.1 rejected it as an unrecognised key. Inspecting the
shipped config schema (node_modules/next/dist/server/config-schema.js)
revealed the option lives under experimental and was renamed to
'proxyClientMaxBodySize' when middleware.ts → proxy.ts; the old name is
still accepted but deprecated. Switched to the new name and confirmed Next
now lists it in the Experiments banner at boot.

While we were at it the cap was bumped to 500MB (was 100MB) so batch
uploads have headroom over the 30MB-per-file bucket limit. Added a
client-side pre-flight in JobFilesPanel: rejects individual files >30MB
and total batches >400MB *before* hitting the server, with inline error
messaging instead of a cryptic 'Unexpected end of form' bounce.

Also raised serverActions.bodySizeLimit to 500mb to match.

next.config.ts

@@ -4,67 +4,44 @@ const nextConfig: NextConfig = {
   experimental: {
     optimizePackageImports: ["lucide-react", "@radix-ui/react-icons"],
     serverActions: {
-      // Job files bucket caps individual files at 30MB; raise overall body
-      // limit to allow batch uploads.
-      bodySizeLimit: "100mb",
+      // Job files bucket caps individual files at 30MB; allow batch uploads
+      // (multipart overhead + ~16 files of 30MB worst case).
+      bodySizeLimit: "500mb",
     },
+    // Next 16 renamed `middlewareClientMaxBodySize` to `proxyClientMaxBodySize`
+    // (middleware.ts → proxy.ts). Default 10MB gates every body that flows
+    // through our auth proxy — without this override multipart uploads exceed
+    // the cap and the parser dies with "Unexpected end of form".
+    proxyClientMaxBodySize: "500mb",
   },
   turbopack: {},
 
-  // Image optimization
   images: {
     remotePatterns: [
-      {
-        protocol: 'https',
-        hostname: 'ui.shadcn.com',
-      },
-      {
-        protocol: 'https',
-        hostname: 'images.unsplash.com',
-      },
+      { protocol: "https", hostname: "ui.shadcn.com" },
+      { protocol: "https", hostname: "images.unsplash.com" },
     ],
-    formats: ['image/webp', 'image/avif'],
+    formats: ["image/webp", "image/avif"],
   },
 
-  // Headers for better security and performance
   async headers() {
     return [
       {
-        source: '/(.*)',
+        source: "/(.*)",
         headers: [
-          {
-            key: 'X-Frame-Options',
-            value: 'DENY',
-          },
-          {
-            key: 'X-Content-Type-Options',
-            value: 'nosniff',
-          },
-          {
-            key: 'Referrer-Policy',
-            value: 'origin-when-cross-origin',
-          },
+          { key: "X-Frame-Options", value: "DENY" },
+          { key: "X-Content-Type-Options", value: "nosniff" },
+          { key: "Referrer-Policy", value: "origin-when-cross-origin" },
         ],
       },
     ];
   },
 
-  // Redirects for better SEO
   async redirects() {
     return [
-      {
-        source: '/home',
-        destination: '/dashboard',
-        permanent: true,
-      },
+      { source: "/home", destination: "/dashboard", permanent: true },
     ];
   },
 };
 
-// Next 16 caps middleware-passed request bodies at 10MB by default. Our auth
-// middleware sees every request including job-file uploads — without this
-// override, multipart uploads larger than 10MB return "Unexpected end of
-// form". The key isn't in NextConfig's TS types yet (Next 16.1).
-(nextConfig as NextConfig & { middlewareClientMaxBodySize?: string }).middlewareClientMaxBodySize = "100mb";
-
 export default nextConfig;