#799 Cross-tenant data leak in activities.py list endpoint
Description
Issue B: CRITICAL SECURITY - The activities.py list endpoint did NOT filter by tenant_id, allowing any tenant to see ALL activities from ALL tenants.
Affected queries:
- Main query (line 534): No tenant filter
- Count query (line 562): No tenant filter and no JOIN
Fix: Added wr.tenant_id filter to both queries using g.tenant_id from middleware.
Files modified: api/blueprints/v1/activities.py
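The query shape described above, before and after the fix, as an added example that is not the project's code. The `work_records` and `activities` tables, their columns, and all function names are assumptions; only the `wr` alias and `tenant_id` come from the issue, and `tenant_id` is passed as a parameter here where the endpoint reads `g.tenant_id`.

```python
import sqlite3

def make_db():
    """Constructed two-tenant fixture; schema names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE work_records (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL);
        CREATE TABLE activities (id INTEGER PRIMARY KEY,
                                 work_record_id INTEGER NOT NULL REFERENCES work_records(id),
                                 note TEXT);
        INSERT INTO work_records VALUES (1, 'tenant-a'), (2, 'tenant-b');
        INSERT INTO activities VALUES (10, 1, 'a-1'), (11, 1, 'a-2'), (12, 2, 'b-1');
    """)
    return db

JOIN_WR = "FROM activities a JOIN work_records wr ON wr.id = a.work_record_id "

def list_unscoped(db, limit=50, offset=0):
    """Shape of the bug: main query has no tenant filter, count has no JOIN."""
    rows = db.execute("SELECT a.id, a.note " + JOIN_WR +
                      "ORDER BY a.id LIMIT ? OFFSET ?", (limit, offset)).fetchall()
    total = db.execute("SELECT COUNT(*) FROM activities").fetchone()[0]
    return rows, total

def list_scoped(db, tenant_id, limit=50, offset=0):
    """Shape of the fix: both queries join wr and bind the caller's tenant_id."""
    if not tenant_id:
        # Fail closed if the middleware did not set a tenant.
        raise PermissionError("no tenant in request context")
    rows = db.execute("SELECT a.id, a.note " + JOIN_WR +
                      "WHERE wr.tenant_id = ? ORDER BY a.id LIMIT ? OFFSET ?",
                      (tenant_id, limit, offset)).fetchall()
    # The count must use the same JOIN and filter, or the pagination total
    # still discloses how many rows other tenants have.
    total = db.execute("SELECT COUNT(*) " + JOIN_WR + "WHERE wr.tenant_id = ?",
                       (tenant_id,)).fetchone()[0]
    return rows, total

def leaked_ids(db, tenant_id, rows):
    """Regression check: ids in a response that belong to another tenant."""
    owned = {r[0] for r in db.execute(
        "SELECT a.id " + JOIN_WR + "WHERE wr.tenant_id = ?", (tenant_id,))}
    return [r[0] for r in rows if r[0] not in owned]
```

A two-tenant fixture like this one makes a useful regression test for any list endpoint: seed rows for both tenants, call as one, and assert that neither the rows nor the total reflect the other.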