fix: resolve all JS architecture violations (JS-005 through JS-009)

Fixed 89 violations across vendor, admin, and shared JavaScript files:

JS-008 (raw fetch → apiClient):
- Added postFormData() and getBlob() methods to api-client.js
- Updated inventory.js, messages.js to use apiClient.postFormData()
- Added noqa for file downloads that need response headers

JS-009 (window.showToast → Utils.showToast):
- Updated admin/messages.js, notifications.js, vendor/messages.js
- Replaced alert() in customers.js

JS-006 (async error handling):
- Added try/catch to all async init() and reload() methods
- Fixed vendor: billing, dashboard, login, messages, onboarding
- Fixed shared: feature-store, upgrade-prompts
- Fixed admin: all page components

JS-005 (init guards):
- Added initialization guards to prevent duplicate init() calls
- Pattern: if (window._componentInitialized) return;

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

static/vendor/js/login.js

@@ -24,24 +24,33 @@ function vendorLogin() {
         dark: false,
 
         async init() {
-            vendorLoginLog.info('=== VENDOR LOGIN PAGE INITIALIZING ===');
+            // Guard against multiple initialization
+            if (window._vendorLoginInitialized) return;
+            window._vendorLoginInitialized = true;
 
-            // Load theme
-            const theme = localStorage.getItem('theme');
-            if (theme === 'dark') {
-                this.dark = true;
-            }
-            vendorLoginLog.debug('Dark mode:', this.dark);
+            try {
+                vendorLoginLog.info('=== VENDOR LOGIN PAGE INITIALIZING ===');
 
-            // Get vendor code from URL path
-            const pathSegments = window.location.pathname.split('/').filter(Boolean);
-            if (pathSegments[0] === 'vendor' && pathSegments[1]) {
-                this.vendorCode = pathSegments[1];
-                vendorLoginLog.debug('Vendor code from URL:', this.vendorCode);
-                await this.loadVendor();
+                // Load theme
+                const theme = localStorage.getItem('theme');
+                if (theme === 'dark') {
+                    this.dark = true;
+                }
+                vendorLoginLog.debug('Dark mode:', this.dark);
+
+                // Get vendor code from URL path
+                const pathSegments = window.location.pathname.split('/').filter(Boolean);
+                if (pathSegments[0] === 'vendor' && pathSegments[1]) {
+                    this.vendorCode = pathSegments[1];
+                    vendorLoginLog.debug('Vendor code from URL:', this.vendorCode);
+                    await this.loadVendor();
+                }
+                this.checked = true;
+                vendorLoginLog.info('=== VENDOR LOGIN PAGE INITIALIZATION COMPLETE ===');
+            } catch (error) {
+                vendorLoginLog.error('Failed to initialize login page:', error);
+                this.checked = true;
             }
-            this.checked = true;
-            vendorLoginLog.info('=== VENDOR LOGIN PAGE INITIALIZATION COMPLETE ===');
         },
 
         async loadVendor() {