feat: Implement user validation and ownership checks for image, reward, and task APIs

- Added `get_validated_user_id` utility function to validate user authentication across multiple APIs.
- Updated image upload, request, and listing endpoints to ensure user ownership and proper error handling.
- Enhanced reward management endpoints to include user validation and ownership checks.
- Modified task management endpoints to enforce user authentication and ownership verification.
- Updated models to include `user_id` for images, rewards, tasks, and children to track ownership.
- Implemented frontend changes to ensure UI reflects the ownership of tasks and rewards.
- Added a new feature specification to prevent deletion of system tasks and rewards.

backend/models/child.py

@@ -9,6 +9,7 @@ class Child(BaseModel):
     rewards: list[str] = field(default_factory=list)
     points: int = 0
     image_id: str | None = None
+    user_id: str | None = None
 
     @classmethod
     def from_dict(cls, d: dict):
@@ -19,10 +20,10 @@ class Child(BaseModel):
             rewards=d.get('rewards', []),
             points=d.get('points', 0),
             image_id=d.get('image_id'),
+            user_id=d.get('user_id'),
             id=d.get('id'),
             created_at=d.get('created_at'),
             updated_at=d.get('updated_at')
-
         )
 
     def to_dict(self):
@@ -33,6 +34,7 @@ class Child(BaseModel):
             'tasks': self.tasks,
             'rewards': self.rewards,
             'points': self.points,
-            'image_id': self.image_id
+            'image_id': self.image_id,
+            'user_id': self.user_id
         })
         return base