POC: replace socket.io with trpc

[Julusian]

This is a POC that I am experimenting with. Not sure yet if it will be completed, it might get abandoned.

This experiment is looking into replacing the socket.io transport we use between the webui and the backend with tRPC. This is a modern and strongly type safe library designed for the kinds of things we are doing.

For now it is setup with a websocket (like socket.io), but we could look into changing that to be using SSE if we want to later, but I'm not sure if that will provide any benefits for us.

Once complete, this would:

• allow us to remove some of the glue we had to add around socket.io to be able to use it in a RPC fashion
• uses a slightly more standard (ie not invented here) approach to subscriptions for the ui
• have better guarantees that received messages are what we expect due to the zod based parameter validation
• have a more traceable handlers of rpc methods, as they will be constructed in a tree fashion of routers and child routers. unlike today where a socket.io handler can be anywhere
• make it easier to reliably implement security on this api. different auth levels are very explicit with the 'publicProcedure' vs 'protectedProcedure'. middleware can be added to each of these to perform the appropriate auth checks. That said, we could easily add similar wrappers for the socket.io listeners as we are already using an abstraction. Some investigation is needed to figure out how subscriptions will behave and need to be affected when permissions for the socket change.

I'm currently a little unsure on whether this will bring enough benefit to justify the effort to change.