fix: URL-encode DB password in connection string

Passwords with special characters (@, &, etc.) broke the SQLAlchemy
connection URL parsing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/app/config.py

@@ -1,4 +1,6 @@
 # backend/app/config.py
+from urllib.parse import quote_plus
+
 from pydantic_settings import BaseSettings
 from functools import lru_cache
 
@@ -31,8 +33,9 @@ class Settings(BaseSettings):
 
     @property
     def database_url(self) -> str:
+        password = quote_plus(self.DB_PASSWORD)
         return (
-            f"mysql+pymysql://{self.DB_USER}:{self.DB_PASSWORD}"
+            f"mysql+pymysql://{self.DB_USER}:{password}"
             f"@{self.DB_HOST}:{self.DB_PORT}/{self.DB_NAME}?charset=utf8mb4"
         )