secure JWT secrets via environment variables

[kryputh]

Closes #367

Summary

• remove hardcoded JWT access and refresh secret fallbacks from backend env parsing
• require strong, non-placeholder JWT secrets from environment variables and ensure refresh secret differs from the access secret
• add a Jest setup file that injects fresh test-only JWT secrets per run, plus unit coverage for the new validation rules
• update backend and deployment docs to explain secret generation and rotation through platform environment settings

Root Cause

The backend accepted hardcoded JWT defaults in backend/src/config/env.ts, which allowed deployments to start with committed fallback secrets instead of platform-managed values.

Validation

• npx jest --config jest.config.cjs --runTestsByPath src/config/__tests__/env.test.ts --runInBand
• npx eslint src/config/env.ts src/config/__tests__/env.test.ts
• npx tsc --noEmit --module nodenext --moduleResolution nodenext --target es2022 --esModuleInterop true --types jest,node src/config/env.ts src/config/__tests__/env.test.ts jest.setup.ts

Repo Baseline Issues

• npm ci currently fails because backend/package-lock.json is out of sync with backend/package.json
• npm run build and npm run lint currently fail on pre-existing repo-wide TypeScript and ESLint issues outside this change

Refs: #367

[drips-wave]

@kryputh Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits