fix: security hardening and performance improvements

Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)

Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)

Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kappa
2026-01-21 17:35:51 +09:00
parent 91f50ddc12
commit dab279c765
12 changed files with 121 additions and 27 deletions


@@ -1,5 +1,7 @@
// Weather Tool - wttr.in integration
import type { Env } from '../types';
import { retryWithBackoff } from '../utils/retry';
import { ERROR_MESSAGES } from '../constants/messages';
// wttr.in API 응답 타입 정의
interface WttrCurrentCondition {
@@ -56,8 +58,9 @@ export async function executeWeather(args: { city: string }, env?: Env): Promise
const city = args.city || 'Seoul';
try {
const wttrUrl = env?.WTTR_IN_URL || 'https://wttr.in';
const response = await fetch(
`${wttrUrl}/${encodeURIComponent(city)}?format=j1`
const response = await retryWithBackoff(
() => fetch(`${wttrUrl}/${encodeURIComponent(city)}?format=j1`),
{ maxRetries: 2, initialDelayMs: 500 }
);
if (!response.ok) {
@@ -68,7 +71,7 @@ export async function executeWeather(args: { city: string }, env?: Env): Promise
// 안전한 접근 - 데이터 유효성 확인
if (!data.current_condition?.[0]) {
return `날씨 정보를 가져올 수 없습니다: ${city}`;
return `${ERROR_MESSAGES.WEATHER_SERVICE_UNAVAILABLE}: ${city}`;
}
const current = data.current_condition[0];
@@ -84,6 +87,6 @@ export async function executeWeather(args: { city: string }, env?: Env): Promise
습도: ${current.humidity}%
풍속: ${current.windspeedKmph} km/h`;
} catch (error) {
return `날씨 정보를 가져올 수 없습니다: ${city}`;
return `${ERROR_MESSAGES.WEATHER_SERVICE_UNAVAILABLE}: ${city}`;
}
}
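Review bot: The `retryWithBackoff` wrapper added around `fetch` in `executeWeather` probably never retries an HTTP failure, because `fetch` resolves normally on 5xx/429 and the `!response.ok` check sits after the wrapper, not inside the callback; unless `retryWithBackoff` (not shown here) inspects the response, only thrown network errors are retried. Consider throwing inside the callback for retryable statuses, e.g. `if (r.status >= 500 || r.status === 429) throw new Error('wttr.in HTTP ' + r.status);` before `return r;`. Each attempt also has no time limit, so a stalled upstream now holds the request across every retry; passing `{ signal: AbortSignal.timeout(5000) }` (value illustrative) to `fetch` would cap that. The `catch (error)` in the last hunk discards the error, so logging it there (without the user-supplied `city`) would make upstream outages visible to whoever operates the service. The body of `executeWeather` starts outside these hunks.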