#543 [API/Race] apps.py TOCTOU in create_app

File: api/blueprints/v1/apps.py:193-236. SELECT checks for duplicate, then INSERT. Between these operations, another request could insert same app name, causing 500 instead of 409 conflict. FIX: Use INSERT ON CONFLICT DO NOTHING RETURNING.