feat: API key repository and key generation

[KingFRANKHOOD]

API key repository and key generation Closes #14

Description

Implements secure API key generation and an API key repository with support for create, lookup, revoke, and usage tracking.

What changed

• Added secure key utility:
  • generateSecureKey() returns { key, hash, prefix }
  • Uses cryptographically secure randomness (crypto.randomBytes)
  • Uses SHA-256 hashing for stored key representation
  • Uses short prefix (8 chars) for display/lookup support
• Added ApiKeyRepository with:
  • create(userId, apiId, keyHash, prefix, scopes, rateLimit)
  • findByKeyPrefix(prefix) (gateway lookup use-case)
  • findByUserAndApi(userId, apiId)
  • revoke(id) (soft revoke via revokedAt)
  • recordUsage(id) (increments usage and updates lastUsedAt)
• Added unit tests for:
  • key generation + hashing behavior
  • repository create/find/revoke/recordUsage flows

Checklist

• Cryptographically random key generation
• Hash-only storage approach (with short prefix)
• Soft revoke behavior
• Repository methods implemented
• Unit tests added
• CI-related checks pass locally

[KingFRANKHOOD]

@greatest0fallt1me, please review PR

[greatest0fallt1me]

please resolve the conflicts

[KingFRANKHOOD]

@greatest0fallt1me all conflicts have been resolved

[greatest0fallt1me]

@KingFRANKHOOD Can you resolve the conflicts?

[KingFRANKHOOD]

@KingFRANKHOOD Can you resolve the conflicts?

Will get on it now