fix: implement critical security remediation for authentication and authorization

- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation

Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic

All tests passing (24/24).

server/websocket/index.ts

@@ -63,10 +63,15 @@ export async function startServer(config: ServerConfig) {
 
 // If run directly, start the server
 if (require.main === module) {
+  const jwtSecret = process.env.JWT_SECRET;
+  if (!jwtSecret) {
+    throw new Error('JWT_SECRET environment variable is required. Please set it before starting the server.');
+  }
+
   const config: ServerConfig = {
     port: parseInt(process.env.WS_PORT || '8080', 10),
-    jwtSecret: process.env.JWT_SECRET || 'dev-secret',
-    enableAuth: process.env.ENABLE_AUTH === 'true',
+    jwtSecret,
+    enableAuth: process.env.ENABLE_AUTH !== 'false',
   };
 
   startServer(config).catch((error) => {