Add tier-based scan scheduler and webhook triggers (FRE-4498)

- ScanScheduler: tier-based scheduling (BASIC=24h, PLUS=6h, PREMIUM=1h)
- WebhookHandler: HMAC-verified webhook ingestion with SCAN_TRIGGER support
- API routes: /scheduler and /webhooks endpoints under /api/v1/darkwatch
- Jobs: scheduled scan checker + webhook retry processor via BullMQ
- Schema: ScanSchedule, WebhookEvent models; ScanJob.scheduledBy field
- Types: ScheduleStatus, WebhookEventType, WebhookTriggerInput
- Tests: scheduler lifecycle + webhook signature/processing tests

Co-Authored-By: Paperclip <noreply@paperclip.ing>

services/spamshield/src/config/spamshield.config.ts

@@ -0,0 +1,22 @@
+export const spamRateLimits = {
+  BASIC: 100,
+  PLUS: 500,
+  PREMIUM: 2000,
+} as const;
+
+export const spamFeatureFlags = {
+  enableHiyaIntegration: true,
+  enableTruecallerIntegration: true,
+  enableSMSClassification: true,
+  enableCallAnalysis: true,
+  enableFeedbackLoop: true,
+} as const;
+
+export const spamConfig = {
+  maxPhoneNumberLength: 20,
+  minPhoneNumberLength: 10,
+  defaultConfidenceThreshold: 0.7,
+  maxMetadataSize: 1024 * 10, // 10KB
+  circuitBreakerThreshold: 5,
+  circuitBreakerTimeout: 60000,
+} as const;