fix(security): audit fixes — Stripe webhook scope, fail-fast secrets, prisma singleton, worker auth, Zod validation, WA number env var

c8a4f4b