security: replace env-or-default patterns with fail-closed requireEnv helper (#444)

[davidsoniaudin2-oss]

Description

Replaces env-or-default patterns in API routes with a centralized fail-closed
equireEnv\ helper.

Changes

• Create \src/lib/requireEnv.ts\ with
  equireEnv\ and
  equireEnvStrict\ functions
• Fix \src/app/api/revalidate/route.ts\ - remove hardcoded fallback REVALIDATE_WEBHOOK_SECRET, use
  equireEnvStrict\ instead
• Add comprehensive test suite for requireEnv helpers

Related Issues

Closes #441 - hardcoded fallback REVALIDATE_WEBHOOK_SECRET
Closes #444 - replace env-or-default patterns with fail-closed helpers
closes #443
closes #447

[drips-wave]

@davidsoniaudin2-oss Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits