Add Zod validation to all API endpoints and remove debug test route

Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.

server/api/auth/verify.get.js

@@ -29,6 +29,13 @@ export default defineEventHandler(async (event) => {
         statusMessage: 'Member not found' 
       })
     }
+
+    if (member.status === 'suspended' || member.status === 'cancelled') {
+      throw createError({
+        statusCode: 403,
+        statusMessage: 'Account is ' + member.status
+      })
+    }
     
     // Create a new session token for the authenticated user
     const sessionToken = jwt.sign(
@@ -49,6 +56,9 @@ export default defineEventHandler(async (event) => {
     await sendRedirect(event, '/members', 302)
     
   } catch (err) {
+    if (err.statusCode && err.statusCode !== 401) {
+      throw err
+    }
     throw createError({ 
       statusCode: 401, 
       statusMessage: 'Invalid or expired token'