fix(admin): eliminate GoTrue empty-body 500s under bulk load (retry-all + undici keep-alive + sequential bulk), CSV formula-injection guard

lib/admin/csv.ts

@@ -11,6 +11,13 @@ export function csvField(v: unknown): string {
   else if (typeof v === 'string') s = v;
   else if (typeof v === 'object') s = JSON.stringify(v);
   else s = String(v);
+  // Spreadsheet formula-injection guard: a field whose first character is one
+  // of = + - @ (or a leading tab/CR) is interpreted as a formula by Excel /
+  // Sheets / LibreOffice. Neutralize it by prefixing a single quote BEFORE the
+  // RFC-4180 quote-escaping below, so the value renders as literal text.
+  if (s.length > 0 && /^[=+\-@\t\r]/.test(s)) {
+    s = `'${s}`;
+  }
   if (/[",\r\n]/.test(s)) {
     return `"${s.replace(/"/g, '""')}"`;
   }