fix: implement critical security remediation for authentication and authorization

- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation

Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic

All tests passing (24/24).

src/db/config/backup.ts

@@ -41,9 +41,16 @@ export class DatabaseBackupManager {
         "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"
       );
 
+      const tableNamePattern = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+
       for (const table of tables) {
+        if (!tableNamePattern.test(table)) {
+          console.warn(`Skipping invalid table name: ${table}`);
+          continue;
+        }
+        
         const data = await this.dbManager.query<Record<string, unknown>>(
-          `SELECT * FROM ${table}`
+          `SELECT * FROM "${table}"`
         );
         
         console.log(`Backed up ${table}: ${data.length} rows`);