fix(e2e): scope rate_limit_attempts cleanup to exclude brute-force

The blanket DELETE FROM rate_limit_attempts in global-setup raced
with brute-force.spec.ts: another shard's global-setup could wipe
the brute-force test's accumulated failed-attempt rows mid-test,
causing attempt 6 to get "Invalid login credentials" instead of
the expected "temporarily locked" message.

Scope the DELETE to NOT LIKE 'brute-force-test-%', preserving rows
created by brute-force.spec.ts while still cleaning up cross-run
lockout accumulation from e2e/mailinator test users.

Run 24255175890: firefox/chromium/webkit gen-3/4 all failed on
brute-force.spec.ts:79 with this exact race condition.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: YourGitHubUsername

tests/e2e/global-setup.ts

@@ -805,10 +805,14 @@ export default async function globalSetup(config: FullConfig): Promise<void> {
   await ensurePublicProfileCompany();
   await ensureDiscoverableWorker();
 
-  // Clear rate_limit_attempts to prevent cross-run lockout accumulation.
-  // 18 parallel shards each calling check_rate_limit RPC with row-level
-  // locks caused 478 rows and DB connection timeouts (2026-04-09).
-  await executeSQL(`DELETE FROM rate_limit_attempts`).catch((err: unknown) =>
+  // Clear rate_limit_attempts for known test users to prevent cross-run
+  // lockout accumulation (478 rows observed on 2026-04-09 causing DB
+  // connection timeouts). Exclude brute-force-test-* rows — those are
+  // created and consumed within a single brute-force.spec.ts test run
+  // and would race with a concurrent shard's global-setup DELETE.
+  await executeSQL(
+    `DELETE FROM rate_limit_attempts WHERE identifier NOT LIKE 'brute-force-test-%'`
+  ).catch((err: unknown) =>
     console.warn('⚠ Rate limit cleanup warning:', err)
   );