docs(009): update tasks.md with completion status and what-to-do-next roadmap

[Copilot]

The 009 branch (copilot/009-user-directory-implementation) shipped a working User Directory implementation but left all 59 task checkboxes unchecked, making it impossible to know what was actually done vs. what remained.

Changes

• Merged origin/copilot/009-user-directory-implementation into working branch
• Updated specs/009-user-directory/tasks.md — audited every task against the actual code; marked 30 as [x] (done) and 21 as [ ] (outstanding), with inline notes on each completed task explaining deviations from the plan (renamed functions, different file paths, missing index creation, etc.)
• Added "What Needs to Happen Next" section at the bottom of tasks.md with prioritised work items:

Priority	Count	Examples
Must-Do Before Merge	5	URL search param sync, GDPR export, SocialPlatform 4→8 expansion
Recommended (P2)	8	Follow/unfollow/block on cards, SVG social icons, country/continent filter
Nice-to-Have (P3)	7	Extract shared-ui components, i18n, a11y audit, proximity test suite

Key Gaps Found

• SocialPlatform type in community.ts still has 4 values; community-schemas.ts Zod enum not updated — will reject tiktok/twitter_x/linkedin/threads at the validation layer
• GDPR export/deletion not updated for directory_visible (FR-031/032)
• URL state — filter selections are in React state only; page is not bookmarkable and browser back/forward resets filters
• No follow/unfollow/block actions on directory cards despite relationship status being displayed
• All components are inline in page.tsx rather than extracted to the planned shared-ui component pattern

Original prompt

review all changes in 009 branch and explain what needs to happen next

Created from VS Code.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

@MikeWedderburn-Clarke Unfortunately, I hit an error while trying to use the custom Copilot setup steps configured for this repository and had to close this PR. The error I am seeing is:

no `copilot-setup-steps` job found in your `copilot-setup-steps.yml` workflow file. Please ensure you have a single job named `copilot-setup-steps`. For more details, see https://gh.io/copilot/actions-setup-steps

Once you or someone with the necessary access fixes the problem, please unassign and then reassign issue #0 to me and I'll retry. Thanks!

In general, the fix is to define an explicit permissions: block in the workflow, granting only the minimal rights needed. For a build/test workflow like this that only checks out code and runs local Node commands, contents: read is typically sufficient, and optionally packages: read if private packages are involved.

For this specific file, the safest and simplest change is to add a top-level permissions: block (applies to all jobs) right after the on: section, setting contents: read. This documents the intended least privilege and ensures that even if repository defaults are broad or change later, the setup job will only have read access to repository contents. No existing functionality needs write access, so this change will not affect behavior. No additional imports or methods are required; this is purely a YAML workflow configuration change within .github/workflows/copilot-setup-steps.yml.