fix: security hardening and performance improvements

Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)

Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)

Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

README.md

@@ -135,8 +135,8 @@ npm run deploy
 # Health check
 curl https://telegram-summary-bot.kappa-d8e.workers.dev/health
 
-# Webhook 상태
-curl https://telegram-summary-bot.kappa-d8e.workers.dev/webhook-info
+# Webhook 상태 (token + secret 필요)
+curl "https://telegram-summary-bot.kappa-d8e.workers.dev/webhook-info?token=${BOT_TOKEN}&secret=${WEBHOOK_SECRET}"
 
 # 실시간 로그
 npm run tail
@@ -145,8 +145,8 @@ npm run tail
 ### 6. Webhook 연결
 
 ```bash
-# 웹훅 설정 (배포된 URL 사용)
-curl https://<YOUR_WORKER_URL>/setup-webhook
+# 웹훅 설정 (token + secret 필요)
+curl "https://<YOUR_WORKER_URL>/setup-webhook?token=${BOT_TOKEN}&secret=${WEBHOOK_SECRET}"
 ```
 
 #### ⚠️ 주의사항