Fix recipe preview failures with Firecrawl fallback

[windoze95]

Summary

• Add Firecrawl API as fallback scraper when direct HTTP fetch is blocked by Cloudflare (402/403/503 or JS challenge pages)
• Add User-Agent header to outbound recipe fetch requests
• Return structured ExtractionError responses with machine-readable error codes (site_blocked, not_found, fetch_failed) instead of generic 500s
• Add FIRECRAWL_API_KEY env var (optional) and firecrawl_json_ld / firecrawl_haiku extraction method constants
• Add test seams (HTTPFetchOverride, FirecrawlFetchOverride) for fully offline testing

Test plan

• All existing Go tests pass (144 → 154 tests)
• 8 new service tests: direct success, AI fallback, 403+Firecrawl success/fail, no key, 404, Cloudflare challenge, isCloudflareChallenge
• 2 new handler tests: PreviewFromURL returns 502+site_blocked, 404+not_found
• Set FIRECRAWL_API_KEY in ECS task definition
• Manual test: preview allrecipes.com URL → extracts via Firecrawl or shows "blocks automated access"
• Manual test: preview budgetbytes.com URL → works via direct fetch as before

🤖 Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1072daf1cf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".