feat(backend): implement comprehensive security and validation

Implement enterprise-grade security measures and input validation:

Security Features:
- Add Helmet.js for security headers (XSS, clickjacking, MIME protection)
- Implement rate limiting (5/15min for auth, 100/15min for API)
- Add Socket.IO JWT authentication middleware
- Fix JWT auth middleware (remove throw in catch, extend token to 7 days)
- Implement centralized error handling with AppError class
- Add CORS restrictive configuration

Input Validation:
- Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users)
- Create comprehensive validation schemas in middleware/validators/
- Consistent error response format for validation failures

Additional Features:
- Add pagination middleware for all list endpoints
- Add Multer file upload middleware (5MB limit, image validation)
- Update .env.example with all required environment variables

Dependencies Added:
- helmet@8.1.0
- express-rate-limit@8.2.1
- express-validator@7.3.0
- multer@1.4.5-lts.1
- cloudinary@2.8.0

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

backend/.env.example

@@ -0,0 +1,24 @@
+# MongoDB Configuration
+MONGO_URI=mongodb://localhost:27017/adopt-a-street
+
+# JWT Authentication
+JWT_SECRET=your_jwt_secret_key_here_change_in_production
+
+# Server Configuration
+PORT=5000
+NODE_ENV=development
+
+# Frontend URL (for CORS)
+FRONTEND_URL=http://localhost:3000
+
+# Cloudinary Configuration (for image uploads)
+CLOUDINARY_CLOUD_NAME=your_cloudinary_cloud_name
+CLOUDINARY_API_KEY=your_cloudinary_api_key
+CLOUDINARY_API_SECRET=your_cloudinary_api_secret
+
+# Stripe Configuration (for premium subscriptions)
+STRIPE_SECRET_KEY=your_stripe_secret_key
+STRIPE_PUBLISHABLE_KEY=your_stripe_publishable_key
+
+# OpenAI Configuration (optional - for AI features)
+OPENAI_API_KEY=your_openai_api_key