do: producer projects (quinn/cocotte/mc); group ct tier in cocotte

- project.store name lilith-store -> cocotte-store -> cocotte ("lilith" is a
  relic; one env/one user, no dev/prod split). Decoupled from var.project_name
  so the managed PG/VPC names don't churn (DB rename is ForceNew = data loss).
- project.store.resources expanded to the full ct tier (lime, redroid, pg,
  media, redroid volume, backend reserved IP) — authoritative grouping.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

terraform/do/network.tf

@@ -14,15 +14,25 @@ resource "digitalocean_vpc" "store" {
 }
 
 resource "digitalocean_project" "store" {
-  name        = var.project_name
-  description = "Canonical store/backend tier for lilith-platform (replaces dead homelan 'black')."
+  # Project name decoupled from var.project_name ON PURPOSE: "lilith" is a relic;
+  # the canonical home is "cocotte-store". We do NOT rename var.project_name here
+  # because it also names the managed PG (lilith-store-pg) and VPC, and a DB-cluster
+  # rename is ForceNew = data loss. Resource-name relics get migrated separately.
+  name        = "cocotte"
+  description = "Cocotte (ct) producer: store/backend tier (apps, MCP, managed PG, media) + ephemeral test fleet. One env, one user — no dev/prod split."
   purpose     = "Web Application"
   environment = "Production"
 
+  # Full ct store/backend tier membership (authoritative — DO puts each resource
+  # in exactly one project). quinn-owned hosts (artifacts, infra) live in the
+  # separate `quinn` project; mc artifacts stay in the mc:dev default.
   resources = [
     digitalocean_droplet.backend.urn,
+    digitalocean_droplet.redroid.urn,
     digitalocean_database_cluster.pg.urn,
     digitalocean_spaces_bucket.media.urn,
+    digitalocean_volume.redroid_data.urn,
+    digitalocean_reserved_ip.backend.urn,
   ]
 }