[P1] cloud: Supabase quick-connect

[sri-rang]

Summary

Supabase is one of the most popular hosted PostgreSQL platforms. Connecting Tusk to a Supabase project requires navigating the Supabase dashboard to find the correct host, port, and credentials — and choosing between the direct connection, the session-mode pooler, and the transaction-mode pooler. New users frequently connect to the wrong endpoint or miss required SSL settings.

User Story

As a developer using Supabase, I want to paste my Supabase project URL so that Tusk auto-configures the connection with the correct endpoint, credentials, and SSL settings.

Acceptance Criteria

• Connection dialog accepts a Supabase project URL (https://<ref>.supabase.co) and auto-fills all connection fields
• A connection mode selector presents three options: Direct (port 5432), Session Pooler (port 5432 via pgBouncer), Transaction Pooler (port 6543 via pgBouncer) — with a plain-language description of when to use each
• SSL mode defaults to require and is non-editable for Supabase connections
• A Supabase badge is shown on the connection profile in the sidebar
• When connected, the status bar shows a "Row Level Security active" indicator when the connected role has RLS-enforcing policies on the current table

Notes

• Supabase direct connection host: db.<ref>.supabase.co:5432
• Supabase session pooler: aws-0-<region>.pooler.supabase.com:5432
• Supabase transaction pooler: aws-0-<region>.pooler.supabase.com:6543
• Username for pooler differs from direct: postgres.<ref> instead of postgres