feat: secure proof-of-payment download routes with shareId validation

Changes:
- Update download links in UI to use shareId instead of locationID
- Add shareId validation to per-bill proof download route
- Add shareId validation to combined proof download route
- Validate TTL before allowing downloads
- Extract locationId from shareId using extractShareId helper

Security:
- Download routes now validate checksum and TTL
- Prevents unauthorized access to proof-of-payment files
- Returns 404 for invalid/expired share links

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

app/ui/ViewLocationCard.tsx

@@ -195,7 +195,7 @@ export const ViewLocationCard: FC<ViewLocationCardProps> = ({ location, userSett
                                 attachmentFilename ? (
                                     <div className="mt-3 ml-[-.5rem]">
                                         <Link
-                                            href={`/share/proof-of-payment/combined/${_id}/`}
+                                            href={`/share/proof-of-payment/combined/${shareId || _id}/`}
                                             target="_blank"
                                             className='text-center w-full max-w-[20rem] text-nowrap truncate inline-block'
                                         >