feat: add security headers to nginx configurations and improve environment variable handling

shared/common/src/auth.rs

@@ -32,7 +32,7 @@ pub fn create_jwt(
         token_type: Some("access".to_string()),
     };
 
-    let secret = std::env::var("JWT_SECRET").unwrap_or_else(|_| "secret".to_string());
+    let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var must be set");
     encode(
         &Header::default(),
         &claims,
@@ -59,7 +59,7 @@ pub fn create_preview_token(
         token_type: Some("preview".to_string()),
     };
 
-    let secret = std::env::var("JWT_SECRET").unwrap_or_else(|_| "secret".to_string());
+    let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var must be set");
     encode(
         &Header::default(),
         &claims,

shared/common/src/middleware.rs

@@ -42,8 +42,7 @@ pub async fn org_extractor_middleware(
         }
     };
 
-    // NOTA: El secreto debe venir de una variable de entorno en producción.
-    let secret = std::env::var("JWT_SECRET").unwrap_or_else(|_| "secret".to_string());
+    let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET env var must be set");
 
     let claims = decode::<Claims>(
         &token,