8a86cf42d4
validateEnv() previously skipped validation entirely when NODE_ENV !== 'production', allowing the app to start without JWT_SECRET and JWT_REFRESH_SECRET in dev/staging. Split required vars into ALWAYS_REQUIRED (JWT secrets) and REQUIRED_IN_PRODUCTION (infrastructure) so security-critical secrets are validated in every environment. Co-Authored-By: Paperclip <noreply@paperclip.ing>