Fix session variable pollution

Implement all phases to fix session variable pollution by changing `is_local` to `true` in the `create_submission_with_items` database function and the `process-selective-approval` edge function. This ensures session variables are transaction-scoped, preventing data corruption and attribution errors. Includes database migration, edge function updates, and monitoring for attribution mismatches.

supabase/functions/process-selective-approval/index.ts

@@ -1220,23 +1220,23 @@ serve(withRateLimit(async (req) => {
       
       // Now enter try-catch ONLY for database operations
       try {
-        // Set user context for versioning trigger
-        // This allows create_relational_version() trigger to capture the submitter
+        // FIXED: Set user context with transaction scope (is_local=true)
+        // Prevents session variable pollution in connection pooling environments
         const { error: setUserIdError } = await supabase.rpc('set_config_value', {
           setting_name: 'app.current_user_id',
           setting_value: submitterId,
-          is_local: false
+          is_local: true  // ✅ CRITICAL: Transaction-scoped, auto-cleared at txn end
         });
         
         if (setUserIdError) {
           edgeLogger.error('Failed to set user context', { action: 'approval_set_context', error: setUserIdError.message, requestId: tracking.requestId });
         }
         
-        // Set submission ID for version tracking
+        // FIXED: Set submission ID with transaction scope (is_local=true)
         const { error: setSubmissionIdError } = await supabase.rpc('set_config_value', {
           setting_name: 'app.submission_id',
           setting_value: submissionId,
-          is_local: false
+          is_local: true  // ✅ CRITICAL: Transaction-scoped, auto-cleared at txn end
         });
         
         if (setSubmissionIdError) {