feat: secure proof-of-payment download routes with shareId validation

Changes:
- Update download links in UI to use shareId instead of locationID
- Add shareId validation to per-bill proof download route
- Add shareId validation to combined proof download route
- Validate TTL before allowing downloads
- Extract locationId from shareId using extractShareId helper

Security:
- Download routes now validate checksum and TTL
- Prevents unauthorized access to proof-of-payment files
- Returns 404 for invalid/expired share links

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Knee Cola
2025-12-08 01:01:38 +01:00
parent 669fb08582
commit f19e1bc023
5 changed files with 63 additions and 16 deletions

@@ -130,7 +130,7 @@ export const ViewBillCard: FC<ViewBillCardProps> = ({ location, bill, shareId })
proofOfPaymentFilename ? (
<div className="mt-3 ml-[-.5rem]">
<Link
href={`/share/proof-of-payment/per-bill/${locationID}-${billID}/`}
href={`/share/proof-of-payment/per-bill/${shareId || locationID}-${billID}/`}
target="_blank"
className='text-center w-full max-w-[20rem] text-nowrap truncate inline-block'
>
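
Review bot: The `shareId || locationID` fallback in the new href means a card rendered without a shareId still links to `/share/proof-of-payment/per-bill/` with the raw locationID in the path. The commit message says the download routes now validate checksum and TTL and return 404 for invalid share links, so that fallback link is either dead on arrival or, if a route still accepts a bare locationID, a path around the new validation, and it keeps putting the internal ID in a shareable URL. Suggest not rendering the link (or failing loudly) when shareId is absent rather than falling back. It is also worth confirming that the route can split `${shareId}-${billID}` unambiguously, since the two values are joined with a plain `-` and nothing in this hunk shows that shareId cannot contain one.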