Harden backend against audit findings H2, H3, H4, H5, H7, M5, M6

CORS (H2): the backend now refuses to boot in production without
FRONTEND_URL set, and accepts a comma-separated allowlist of origins.
No localhost fallback in production.

JSON body limit (H3): global limit reduced from 50 MB to 1 MB. Chat
endpoints get a 10 MB override via a per-route parser. Both limits are
env-configurable.

LibreOffice conversion timeout (H4): docxToPdf now races the soffice
call against a hard timeout (default 60 s) so a malformed DOCX cannot
hang the request indefinitely. Throws DocxConversionTimeoutError on
expiry; existing call sites already log-and-continue on conversion
failure.

DOCX zip and XML guards (H5): new safeZip.ts wraps JSZip.loadAsync
behind loadZipSafely (rejects archives whose declared uncompressed
footprint exceeds DOCX_MAX_UNCOMPRESSED_BYTES, default 200 MB) and
adds assertSafeXml (rejects payloads above DOCX_MAX_XML_BYTES, default
50 MB, or containing DOCTYPE or ENTITY declarations). All four
JSZip.loadAsync sites in docxTrackedChanges.ts migrated. Predefined
XML entities continue to be processed correctly.

Email shape validation (H7): the JWT-supplied email is now validated
against a conservative shape before being interpolated into the
PostgREST `cs` filter on shared_with.

Multer upgrade (M5): bumped from 1.4.5-lts to 2.x. The 1.x line has
known DoS CVEs. API surface unchanged for our usage.

Helmet CSP (M6): replaced contentSecurityPolicy:false with a strict
default-src:'none'; frame-ancestors:'none' CSP on all API responses.

Supporting infrastructure: new logger.ts exposes devLog/devWarn that
no-op in production, and httpErrors.ts provides sendServerError and
friends so routes can be migrated off raw error message exposure.

Updated docs/security/01-threat-model.md and CHANGELOG.md with
remediation details.