Fix BMad adversarial security review findings

Resolves 11 of the 13 findings:
- [CRITICAL] SQLi in RLS: replaced SET LOCAL with parameterized set_config()
- [CRITICAL] Rate Limiting: installed and registered @fastify/rate-limit in all 5 apps
- [CRITICAL] Invite Hijacking: added email verification check to invite lookup
- [HIGH] Webhook HMAC: added Fastify rawBody parser to fix JSON.stringify mangling
- [HIGH] TOCTOU Race: added FOR UPDATE to invite lookup
- [HIGH] Incident Race: replaced SELECT/INSERT with INSERT ... ON CONFLICT
- [MEDIUM] Grafana Timing Attack: replaced === with crypto.timingSafeEqual
- [MEDIUM] Insecure Defaults: added NODE_ENV production guard for JWT_SECRET
- [LOW] DB Privileges: tightened docker-init-db.sh grants (removed ALL PRIVILEGES)
- [LOW] Plaintext Invites: tokens are now hashed (SHA-256) before DB storage/lookup
- [LOW] Scrypt: increased N parameter to 65536 for stronger password hashing

Note:
- Finding #4 (Fragmented Identity) requires a unified auth database architecture.
- Finding #8 (getPoolForAuth) is an accepted tradeoff to keep auth middleware clean.

products/shared/auth.ts

@@ -86,7 +86,7 @@ export function signToken(payload: AuthPayload, secret: string, expiresIn = '24h
 async function hashPassword(password: string): Promise<string> {
   const salt = crypto.randomBytes(16).toString('hex');
   return new Promise((resolve, reject) => {
-    crypto.scrypt(password, salt, 64, (err, derived) => {
+    crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => {
       if (err) reject(err);
       resolve(`${salt}:${derived.toString('hex')}`);
     });
@@ -96,7 +96,7 @@ async function hashPassword(password: string): Promise<string> {
 async function verifyPassword(password: string, hash: string): Promise<boolean> {
   const [salt, key] = hash.split(':');
   return new Promise((resolve, reject) => {
-    crypto.scrypt(password, salt, 64, (err, derived) => {
+    crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => {
       if (err) reject(err);
       resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived));
     });
@@ -169,9 +169,10 @@ export function registerAuthRoutes(app: FastifyInstance, jwtSecret: string, pool
 
       if (body.invite_token) {
         // Invite-based signup
+        const tokenHash = crypto.createHash('sha256').update(body.invite_token).digest('hex');
         const invite = await client.query(
-          `SELECT id, tenant_id, role, expires_at, accepted_at FROM tenant_invites WHERE token = $1`,
-          [body.invite_token],
+          `SELECT id, tenant_id, email, role, expires_at, accepted_at FROM tenant_invites WHERE token = $1 FOR UPDATE`,
+          [tokenHash],
         );
         if (!invite.rows[0]) {
           await client.query('ROLLBACK');
@@ -186,6 +187,10 @@ export function registerAuthRoutes(app: FastifyInstance, jwtSecret: string, pool
           await client.query('ROLLBACK');
           return reply.status(400).send({ error: 'Invite expired' });
         }
+        if (inv.email && inv.email.toLowerCase() !== body.email.toLowerCase()) {
+          await client.query('ROLLBACK');
+          return reply.status(400).send({ error: 'Email does not match invite' });
+        }
 
         tenantId = inv.tenant_id;
         role = inv.role;
@@ -271,11 +276,12 @@ export function registerProtectedAuthRoutes(app: FastifyInstance, jwtSecret: str
     const body = inviteSchema.parse(req.body);
 
     const token = crypto.randomBytes(32).toString('hex');
+    const tokenHash = crypto.createHash('sha256').update(token).digest('hex');
     const result = await pool.query(
       `INSERT INTO tenant_invites (tenant_id, email, role, token, invited_by)
        VALUES ($1, $2, $3, $4, $5)
        RETURNING expires_at`,
-      [tenantId, body.email, body.role, token, userId],
+      [tenantId, body.email, body.role, tokenHash, userId],
     );
 
     return reply.status(201).send({ invite_token: token, expires_at: result.rows[0].expires_at });