feat: implement Phase 1 hardening

- Verify JWT signatures via JWKS in auth.py
- Fix broken frontend auth button references
- Add Pydantic Settings for env validation (RETENTION_DAYS, CORS_ORIGINS)
- Create MongoDB indexes + TTL on startup
- Add /health endpoint and CORS middleware
- Escape regex input in event queries
- Fix dedupe() return calculation in maintenance.py
- Replace basic logging with structured structlog JSON logs
- Update README and add ROADMAP.md

backend/frontend/index.html

@@ -299,8 +299,7 @@ async function initAuth() {
       }
 
       if (!authConfig?.auth_enabled) {
-        loginBtn.classList.add('hidden');
-        logoutBtn.classList.add('hidden');
+        authBtn.classList.add('hidden');
         return;
       }