fix: implement critical security remediation for authentication and authorization

- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation

Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic

All tests passing (24/24).
2026-04-25 08:24:45 -04:00
parent bbf6ee2c51
commit 754fce269f
9 changed files with 245 additions and 131 deletions

@@ -26,6 +26,7 @@
"tauri:icons": "bash src-tauri/generate-icons.sh"
},
"dependencies": {
"@clerk/backend": "^3.4.1",
"@clerk/clerk-js": "^6.7.5",
"@libsql/client": "^0.17.3",
"@solidjs/router": "^0.16.1",