
feat: enterprise production hardening - 12 security and infrastructure improvements#43

Merged: NeuroKoder3 merged 4 commits into main from security/enterprise-production-hardening on Mar 27, 2026

Conversation

@NeuroKoder3
Owner

Summary

Implements all 12 enterprise production readiness improvements identified in the codebase assessment:

  • Rate limiting: All IPC handlers now go through sliding-window rate limiting via ipcMain.handle middleware interception
  • Auto-update: Enterprise builds use electron-updater with GitHub Releases as the update source (check on launch + every 4 hours)
  • Code signing & notarization: Both enterprise and evaluation electron-builder configs now include Windows code signing (CSC_LINK/CSC_KEY_PASSWORD), macOS hardened runtime + notarization (afterSign hook), and a notarize.cjs script
  • Structured logging & crash reporting: New logger.cjs writes JSON-structured logs to rotating files in userData/logs, and registers Electron crashReporter with local-only minidumps. Wired into main.cjs lifecycle
  • Default password fix: Changed from weak 'Admin123!' (9 chars) to 'TransTrack#Admin2026!' (21 chars). Login now returns mustChangePassword flag; password change handler clears the flag
  • CI hardening: Removed '|| true' from npm audit and lint steps, switched from 'npm install' to 'npm ci', added SBOM generation step with artifact upload
  • Migration rollback: Added rollbackSql field to all migrations, new rollbackLastMigration() function, and schema_migrations table now stores rollback SQL
  • HMAC license validation: License keys are now signed with HMAC-SHA256 on activation/renewal. validateLicenseData checks integrity and logs tamper attempts
  • Professional payment config: Replaced personal PayPal email (lilnicole0383@gmail.com) with Stripe payment links and billing@transtrack.medical across all files (tiers.cjs, manager.cjs, frontend components, docs)
  • SBOM generation: Added @cyclonedx/cyclonedx-npm to devDependencies and SBOM step to CI workflow with 90-day artifact retention
  • Pinned dependencies: Removed ^ caret from all 60+ dependency versions in package.json for deterministic builds. Added electron-updater, @electron/notarize, @cyclonedx/cyclonedx-npm
  • Session binding: Sessions are now bound to the WebContents ID that authenticated, preventing session riding from injected/rogue renderer contexts

Files Changed (19)

  • .github/workflows/ci.yml
  • PRICING.md, docs/LICENSING.md
  • electron-builder.enterprise.json, electron-builder.evaluation.json
  • electron/database/init.cjs, electron/database/migrations.cjs
  • electron/ipc/handlers.cjs, electron/ipc/handlers/auth.cjs, electron/ipc/shared.cjs
  • electron/license/manager.cjs, electron/license/tiers.cjs
  • electron/main.cjs
  • electron/services/logger.cjs (new)
  • scripts/notarize.cjs (new)
  • package.json
  • src/api/localClient.js, src/components/license/UpgradePrompt.jsx, src/pages/LicenseActivation.jsx

Test plan

  • Verify CI pipeline runs successfully (npm ci, audit, lint, tests, SBOM)
  • Verify rate limiting triggers on rapid IPC calls
  • Verify login returns mustChangePassword for default admin
  • Verify license activation stores and validates HMAC
  • Verify structured logs appear in userData/logs/transtrack.log
  • Verify payment links point to Stripe URLs, no PayPal references remain
  • Verify session is invalidated when accessed from a different WebContents

…e improvements

1. Wire rate limiter to all IPC handlers via ipcMain.handle middleware

2. Add electron-updater auto-update mechanism for enterprise builds

3. Add code signing, notarization config, and afterSign hook

4. Add structured JSON logger with log rotation and crash reporter

5. Fix weak default admin password, enforce must_change_password on login

6. Harden CI pipeline - remove fallthrough on audit/lint, use npm ci

7. Add migration rollback support with stored rollback SQL

8. Add HMAC-based license key integrity validation to prevent tampering

9. Replace personal PayPal with professional Stripe payment config

10. Add SBOM generation (CycloneDX) to CI build pipeline

11. Pin all dependency versions (remove caret ranges)

12. Bind session validation to WebContents sender ID
@NeuroKoder3 NeuroKoder3 merged commit 4e35160 into main Mar 27, 2026
12 checks passed