fix: security hardening and performance improvements

Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)

Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)

Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
kappa
2026-01-21 17:35:51 +09:00
parent 91f50ddc12
commit dab279c765
12 changed files with 121 additions and 27 deletions


@@ -213,8 +213,11 @@ wrangler secret put DEPOSIT_API_SECRET # Deposit API 인증 키
**Webhook 설정:**
```bash
curl https://telegram-summary-bot.kappa-d8e.workers.dev/setup-webhook
curl https://telegram-summary-bot.kappa-d8e.workers.dev/webhook-info
# Webhook 설정 (token + secret 필요)
curl "https://telegram-summary-bot.kappa-d8e.workers.dev/setup-webhook?token=${BOT_TOKEN}&secret=${WEBHOOK_SECRET}"
# Webhook 정보 조회 (token + secret 필요)
curl "https://telegram-summary-bot.kappa-d8e.workers.dev/webhook-info?token=${BOT_TOKEN}&secret=${WEBHOOK_SECRET}"
```
**Database Migrations:**
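Review bot: the new `setup-webhook` and `webhook-info` examples put `BOT_TOKEN` and `WEBHOOK_SECRET` in the URL query string, so both secrets end up in shell history, proxy and access logs, and the Worker's request logs wherever the full URL is recorded. Consider documenting (and implementing) the check against a request header instead, e.g. `curl -H "Authorization: Bearer ${WEBHOOK_SECRET}" .../setup-webhook`, or at least add a sentence under this block warning that the query-string form is logged and should only be run from a trusted shell.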
@@ -377,8 +380,8 @@ curl -X POST http://localhost:8787/webhook \
# 로그 스트리밍
npm run tail
# Webhook 상태 확인
curl https://telegram-summary-bot.kappa-d8e.workers.dev/webhook-info
# Webhook 상태 확인 (token + secret 필요)
curl "https://telegram-summary-bot.kappa-d8e.workers.dev/webhook-info?token=${BOT_TOKEN}&secret=${WEBHOOK_SECRET}"
```
**수동 테스트 예제** (자동화 예정):
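Review bot: this hunk references `${BOT_TOKEN}` and `${WEBHOOK_SECRET}` as local shell variables, but the only place the README shows these values being set is `wrangler secret put ...` (see the hunk header above), which stores them in Cloudflare and does not export them into the operator's shell. A reader following the debugging section verbatim will send an empty `token=` and `secret=` and get an auth failure. Add a short line before the curl, e.g. `export BOT_TOKEN=... WEBHOOK_SECRET=...` (sourced from a local secrets file, not typed inline), or point to wherever the project expects these to be defined locally.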
@@ -423,7 +426,7 @@ wrangler d1 execute telegram-conversations --command "SELECT * FROM users LIMIT
| 엔드포인트 | 보안 수준 | 설명 |
|-----------|----------|------|
| `/health` | 최소 정보만 | status, timestamp만 반환 (DB 정보 미노출) |
| `/webhook-info` | BOT_TOKEN 필요 | Telegram Webhook 상태 조회 |
| `/webhook-info` | BOT_TOKEN + WEBHOOK_SECRET 필요 | Telegram Webhook 상태 조회 |
| `/setup-webhook` | BOT_TOKEN + WEBHOOK_SECRET 필요 | Webhook 설정 |
**인증 필요 엔드포인트:**
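Review bot: the endpoint table is updated for `/webhook-info` and `/setup-webhook`, but the commit message also says `/api/test` is now disabled when `ENVIRONMENT=production`, and that endpoint has no row here. Add a row such as `| /api/test | 프로덕션에서 비활성화 (ENVIRONMENT=production) | 테스트용 |` so the table matches the runtime behaviour, and state in the same table or the section below what the auth failure returns (status code and whether the body reveals which of token/secret was wrong), since that is what an operator checks when the curl above fails.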