fix: security hardening and performance improvements

Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)

Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)

Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/routes/api.ts

@@ -270,11 +270,18 @@ async function handleDepositDeduct(request: Request, env: Env): Promise<Response
 /**
  * POST /api/test - 테스트 API (메시지 처리 후 응답 직접 반환)
  *
+ * ⚠️ 개발 환경 전용 - 프로덕션에서는 비활성화
+ *
  * @param request - HTTP Request with body
  * @param env - Environment bindings
  * @returns JSON response with AI response
  */
 async function handleTestApi(request: Request, env: Env): Promise<Response> {
+  // 프로덕션 환경에서는 비활성화
+  if (env.ENVIRONMENT === 'production') {
+    return new Response('Not Found', { status: 404 });
+  }
+
   try {
     // JSON 파싱 (별도 에러 핸들링)
     let jsonData: unknown;

src/routes/webhook.ts

@@ -5,6 +5,7 @@ import { executeDomainRegister } from '../domain-register';
 import { handleCommand } from '../commands';
 import { UserService } from '../services/user-service';
 import { ConversationService } from '../services/conversation-service';
+import { ERROR_MESSAGES } from '../constants/messages';
 
 /**
  * Safely parse integer with range validation
@@ -61,7 +62,7 @@ async function handleMessage(
     await sendMessage(
       env.BOT_TOKEN,
       chatId,
-      '⚠️ 일시적인 오류가 발생했습니다. 잠시 후 다시 시도해주세요.'
+      ERROR_MESSAGES.TEMPORARY_ERROR
     );
     return;
   }