Michael Freno
ccf0879a4e
FRE-4498: Remediate security findings from review
Fix 2 HIGH, 3 MEDIUM, 2 LOW findings:
- HIGH: Webhook secret now returns false (not true) when env var missing
- HIGH: PII encryption key file not on this branch (was diff worktree)
- MEDIUM: Webhook signature now required (was optional)
- MEDIUM: Unknown source types now logged with warning
- MEDIUM: Scheduler routes already validate subscription ownership via authed()
- LOW: Webhook error response now returns generic message
- LOW: Job IDs use randomUUID() instead of Date.now()
Co-Authored-By: Paperclip <noreply@paperclip.ing>
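
Added example, not code from this commit or the project: a minimal Node.js sketch of the fail-closed webhook behaviour the findings above describe (missing secret rejects, signature required, unknown source types logged, generic error reply, `randomUUID()` job IDs). The `WEBHOOK_SECRET` variable, the `x-signature` header carrying a hex HMAC-SHA256 of the raw body, the `KNOWN_SOURCES` values and both function names are assumptions, since the commit's diff is not shown here.

```javascript
// Added illustration. Assumed names: WEBHOOK_SECRET, the x-signature header
// (hex HMAC-SHA256 of the raw body), and the KNOWN_SOURCES values.
const crypto = require('node:crypto');

const KNOWN_SOURCES = new Set(['billing', 'scheduler']); // hypothetical

// True only when a secret is configured AND the signature matches.
function verifyWebhook(rawBody, signatureHex, secret = process.env.WEBHOOK_SECRET) {
  if (!secret) return false; // fail closed when the env var is missing
  // The signature is mandatory: absent or malformed means reject.
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return false;
  }
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const given = Buffer.from(signatureHex, 'hex');
  return crypto.timingSafeEqual(given, expected); // both are 32 bytes here
}

function handleWebhook(req, secret = process.env.WEBHOOK_SECRET, log = console) {
  if (!verifyWebhook(req.rawBody, req.headers['x-signature'], secret)) {
    return { status: 401, body: { error: 'Unauthorized' } };
  }
  try {
    const event = JSON.parse(req.rawBody);
    if (!KNOWN_SOURCES.has(event.source)) {
      log.warn(`webhook: unknown source type ${JSON.stringify(event.source)}`);
    }
    // Random job ID: not guessable and no collisions within one millisecond,
    // unlike an ID derived from Date.now().
    return { status: 202, body: { jobId: crypto.randomUUID() } };
  } catch (err) {
    log.error('webhook: processing failed', err); // detail stays server-side
    return { status: 400, body: { error: 'Invalid request' } }; // generic reply
  }
}
```

The signature must be computed over the exact bytes received, so a real handler needs the raw request body before any JSON middleware re-serialises it.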