refactor(01): address plan-checker revisions (1 blocker, 5 warnings)

- 01-02: wave 1→2, depends_on [01]; drop unused androidLibrary classpath
  entry; guard Kotlin compilerOptions with plugins.withId listeners
- 01-05: remove misleading 'gradle exit' echo from verify block
- 01-06: harden credential check on docker-compose.yml alone
- 01-07: drop hardcoded /Users/rwilk/dev/repo/recipe cd prefix
- 01-RESEARCH: rename Open Questions → (RESOLVED); replace
  'Recommendation:' with 'RESOLVED:' per gsd Dimension 11 convention

.planning/phases/01-project-infrastructure-module-wiring/01-06-PLAN.md

@@ -148,7 +148,7 @@ From README.md current content:
     - `docker-compose.yml` has a `healthcheck:` block using `pg_isready -U recipe -d recipe`
     - `docker-compose.yml` does NOT contain a `version:` key (modern compose v2)
     - `docker-compose.yml` does NOT define any service other than `postgres` (D-17: Authentik stays on homelab)
-    - Credentials match Plan 05's `application.conf` defaults (cross-check: `grep 'user = "recipe"' server/src/main/resources/application.conf` and `grep 'password = "recipe"' server/src/main/resources/application.conf` both return 1 line each — if Plan 05 is not complete, skip this sub-check)
+    - `docker-compose.yml` credentials are the exact literals that Plan 05 hardcodes in `application.conf`: `grep -c '^\s*POSTGRES_\(DB\|USER\|PASSWORD\): recipe$' docker-compose.yml` returns `3` (DB, USER, PASSWORD all equal `recipe`). This is enforced on docker-compose.yml alone — the shared hardcoded contract (`recipe/recipe/recipe`) is stated identically in both plans' interfaces, so no cross-file lookup is required.
   </acceptance_criteria>
   <done>docker-compose.yml ships postgres:16 matching application.conf defaults; single-service compose file.</done>
 </task>