security(broker): harden telegram bridge for production

- Validate JWT signature + expiry in /start (was only decoding, not verifying)
- Constant-time signature comparison in telegram-token.ts (prevent timing attacks)
- Rate limit /tg/token endpoint: 10 requests/hour per IP
- Grammy bot.catch() error handler (prevent unhandled rejections crashing broker)
- Cap WS reconnect attempts at 20 (prevent infinite retry loop)
- Expire stale pendingDMs entries (prevent memory leak)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

apps/broker/src/telegram-token.ts

@@ -94,7 +94,12 @@ export function validateTelegramConnectToken(
     // Verify signature
     const signingInput = `${headerB64}.${payloadB64}`;
     const expectedSignature = sign(signingInput, secret);
-    if (signatureB64 !== expectedSignature) return null;
+    // Constant-time comparison to prevent timing attacks
+    const a = Buffer.from(signatureB64);
+    const b = Buffer.from(expectedSignature);
+    if (a.length !== b.length) return null;
+    const { timingSafeEqual } = require("node:crypto");
+    if (!timingSafeEqual(a, b)) return null;
 
     // Verify header algorithm
     const header = JSON.parse(base64urlDecode(headerB64));