Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix

- Add pino structured logging with request IDs (X-Request-Id header)
- Add 30s timeout to acquirePage() and renderPdf/renderUrlPdf
- Add verification cache cleanup (every 15min) and rate limit cleanup (every 60s)
- Read version from package.json in health endpoint
- Add compression middleware
- Escape currency in templates (XSS fix)
- Add static asset caching (1h maxAge)
- Remove deprecated docker-compose version field
- Replace all console.log/error with pino logger

src/services/keys.ts

@@ -1,4 +1,5 @@
 import { randomBytes } from "crypto";
+import logger from "./logger.js";
 import pool from "./db.js";
 
 export interface ApiKey {
@@ -25,7 +26,7 @@ export async function loadKeys(): Promise<void> {
       stripeCustomerId: r.stripe_customer_id || undefined,
     }));
   } catch (err) {
-    console.error("Failed to load keys from PostgreSQL:", err);
+    logger.error({ err }, "Failed to load keys from PostgreSQL");
     keysCache = [];
   }