fix: security hardening and performance improvements

Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)

Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)

Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kappa
2026-01-21 17:35:51 +09:00
parent 91f50ddc12
commit dab279c765
12 changed files with 121 additions and 27 deletions

@@ -270,11 +270,18 @@ async function handleDepositDeduct(request: Request, env: Env): Promise<Response
/**
* POST /api/test - 테스트 API (메시지 처리 후 응답 직접 반환)
*
* ⚠️ 개발 환경 전용 - 프로덕션에서는 비활성화
*
* @param request - HTTP Request with body
* @param env - Environment bindings
* @returns JSON response with AI response
*/
async function handleTestApi(request: Request, env: Env): Promise<Response> {
// 프로덕션 환경에서는 비활성화
if (env.ENVIRONMENT === 'production') {
return new Response('Not Found', { status: 404 });
}
try {
// JSON 파싱 (별도 에러 핸들링)
let jsonData: unknown;
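
Review bot: The production guard at the top of handleTestApi fails open: `if (env.ENVIRONMENT === 'production')` blocks the endpoint only on an exact string match, so a deployment where ENVIRONMENT is unset, misspelled, or set to any other value still serves /api/test. Consider inverting the check into an allowlist, returning the 404 unless `env.ENVIRONMENT === 'development'`, so the test route is off by default and has to be enabled explicitly. The visible lines also go straight from this guard into JSON parsing with no credential check, so in every non-production environment the handler depends on this one comparison. If the rest of the function does not verify a secret, it is worth requiring one here, as this commit does for /setup-webhook and /webhook-info.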