Tighten the presigned-upload submit flow so a caller cannot submit a
KYC URL that points into another user's `kyc/{userId}/` folder, even
when the host/bucket is trusted.
- Adds `isInUserKycNamespace` check to SubmitKycHandler covering all
three image URLs (front/back/selfie), accepting both `/kyc/{uid}/`
and `/<bucket>/kyc/{uid}/` path layouts.
- Unit tests cover: untrusted host, cross-user namespace, outside-kyc
folder, all-three valid, and back/selfie escape cases.
- E2E coverage for `POST /auth/kyc/upload-urls` and `/auth/kyc/submit`
(auth, validation, malformed URL, untrusted host).
- Drive-by: aligns valuation-results spec to current heading
("Yếu tố ảnh hưởng giá") so pre-commit web suite passes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
5bbddc48c9