feat: add core security utilities for checksum-based share links

- Add HMAC-SHA256 checksum generation and validation (shareChecksum.ts)
- Add PDF magic bytes validation to prevent file spoofing (pdfValidator.ts)
- Add IP-based rate limiting for upload abuse prevention (uploadRateLimiter.ts)
- Update BillingLocation interface with shareTTL and shareFirstVisitedAt fields
- Add environment variables for share link security and TTL configuration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

app/lib/db-types.ts

@@ -81,6 +81,10 @@ export interface BillingLocation {
     utilBillsProofOfPayment?: FileAttachment|null;
     /** (optional) rent proof of payment attachment */
     rentProofOfPayment?: FileAttachment|null;
+    /** (optional) share link expiry timestamp */
+    shareTTL?: Date;
+    /** (optional) when tenant first visited the share link */
+    shareFirstVisitedAt?: Date | null;
 };
 
 export enum BilledTo {