Changelog - Remediation "Full Audit Fix"

[Unreleased] - 2024-12-07

chat-server: Implemented JWT Authentication Middleware for HTTP API.
- Secured /api/messages (POST) and /api/messages/{id} (GET).
- Enforced permission checks (can_send_message, can_read_conversation).
- Patched sender_id spoofing vulnerability by enforcing User ID from Token Claims.
backend: Resolved veza_errors_total metric collision preventing proper monitoring initialization.

backend: Fixed JobWorker starvation issue by replacing blocking time.Sleep with non-blocking scheduler.
stream-server: Improved task safety by replacing unsafe abort() with graceful join/await for monitoring tasks.
chat-server: Fixed resource leak by implementing 60s WebSocket inactivity/heartbeat timeout.
chat-server: Implemented Graceful Shutdown handling for OS signals (SIGTERM/SIGINT).
backend-tests: Fixed RoomHandler unit tests.
- Refactored RoomHandler to use RoomServiceInterface for dependency injection.
- Updated CreateRoom tests to match actual Service signatures.
- Fixed bitrate_handler_test.go compilation errors.
- Resolved global metric registration panics during testing.

backend: Deleted legacy maintenance code (migrations_legacy/ and src/cmd/main.go.legacy).

backend: Some unit tests (metrics_test.go, profile_handler_test.go, system_metrics_test.go) are disabled due to bitrot/missing dependencies.
stream-server: Compilation requires active Database connection (sqlx compile-time verification) or sqlx-data.json.