Add Zod validation, fix mass assignment, remove test endpoints and dead code

- Add centralized Zod schemas (server/utils/schemas.js) and validateBody
  utility for all API endpoints
- Fix critical mass assignment in member creation: raw body no longer
  passed to new Member(), only validated fields (email, name, circle,
  contributionTier) are accepted
- Apply Zod validation to login, profile patch, event registration,
  updates, verify-payment, and admin event creation endpoints
- Fix logout cookie flags to match login (httpOnly: true, secure
  conditional on NODE_ENV)
- Delete unauthenticated test/debug endpoints (test-connection,
  test-subscription, test-bot)
- Remove sensitive console.log statements from Helcim and member
  endpoints
- Remove unused bcryptjs dependency
- Add 10MB file size limit on image uploads
- Use runtime config for JWT secret across all endpoints
- Add 38 validation tests (117 total, all passing)

server/api/helcim/create-plan.post.js

@@ -16,7 +16,6 @@ export default defineEventHandler(async (event) => {
 
     const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
 
-    console.log('Creating payment plan:', body.name)
 
     const response = await fetch(`${HELCIM_API_BASE}/payment-plans`, {
       method: 'POST',
@@ -44,7 +43,6 @@ export default defineEventHandler(async (event) => {
     }
 
     const planData = await response.json()
-    console.log('Payment plan created:', planData)
 
     return {
       success: true,