fix: add authentication to IPFS upload endpoint (#4171)
The POST /ipfs/upload endpoint was completely unauthenticated, allowing any anonymous user to pin arbitrary content to Intersect's Pinata account. Changes: - Add API key configuration (ipfsuploadapikey) to backend config - Require Authorization: Bearer <key> header on /ipfs/upload - Add UnauthorizedError (401) to AppError type - Fail closed when no API key is configured - Update frontend to send API key via VITE_IPFS_UPLOAD_API_KEY env var - Update example-config.json with new ipfsuploadapikey field Fixes #4171