[P1] Make Firebase initialization secret-safe and fail fast in production #287

@jjoonleo

Problem

Firebase Admin SDK initialization loads a service account JSON file from application resources and catches initialization failures with printStackTrace instead of failing startup or surfacing a health problem.

Why this is not production ready

If Firebase credentials are missing, invalid, or revoked, the service can still start and appear healthy while push notification features fail later. Loading credentials from packaged resources also conflicts with secret-management hardening.

Evidence

  • FirebaseInitialization.initialize calls getResourceAsStream("ontime-c63f1-firebase-adminsdk-fbsvc-a043cdc829.json").
  • On IOException, it calls e.printStackTrace() and continues.
  • Firebase send failures are also swallowed in NotificationService, which compounds the issue.

Required work

  • Load Firebase credentials from an environment-specific secret source, not a resource file.
  • Fail startup in production when Firebase is required but cannot initialize.
  • If Firebase is optional in some environments, expose a degraded health status and disable dependent features explicitly.
  • Add structured logging with no credential content.
  • Add tests for missing/invalid credential behavior.

Acceptance criteria

  • Production startup fails or reports unhealthy when Firebase credentials are invalid/missing.
  • No Firebase service account JSON is packaged inside the app artifact.
  • Health/readiness clearly indicates Firebase availability.
  • Initialization failures are observable without leaking credential content.
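One way the required work above could look, as an added example that is not the project's own code: it reads the service account from a path supplied at deploy time, fails startup when Firebase is required, and otherwise exposes a degraded flag. The class name `FirebaseBootstrap` and the environment variables `FIREBASE_CREDENTIALS_PATH` and `FIREBASE_REQUIRED` are hypothetical; only the Firebase Admin SDK and google-auth calls are real.

```java
import com.google.auth.oauth2.GoogleCredentials;
import com.google.firebase.FirebaseApp;
import com.google.firebase.FirebaseOptions;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Logger;

/** Added example: fail-fast Firebase bootstrap. Names and env vars are hypothetical. */
public final class FirebaseBootstrap {
    private static final Logger LOG = Logger.getLogger(FirebaseBootstrap.class.getName());
    private static volatile boolean available = false;

    // Health/readiness checks report this flag; dependent features consult it before sending.
    public static boolean isAvailable() { return available; }

    // credentialsPath: file mounted by the secret source at deploy time, not a classpath resource.
    // required: true in production, so any initialization failure aborts startup.
    public static void initialize(String credentialsPath, boolean required) {
        try {
            if (credentialsPath == null || credentialsPath.isBlank()) {
                throw new IOException("credentials path not configured");
            }
            try (InputStream in = Files.newInputStream(Path.of(credentialsPath))) {
                FirebaseOptions options = FirebaseOptions.builder()
                        .setCredentials(GoogleCredentials.fromStream(in))
                        .build();
                FirebaseApp.initializeApp(options);
            }
            available = true;
            LOG.info("firebase_init status=ok");
        } catch (IOException | RuntimeException e) {
            // Log the exception type only: messages and stack traces may echo key material or paths.
            LOG.severe("firebase_init status=failed required=" + required
                    + " error=" + e.getClass().getSimpleName());
            if (required) {
                throw new IllegalStateException("Firebase is required but failed to initialize");
            }
            available = false; // optional environment: keep running, report degraded
        }
    }

    public static void main(String[] args) {
        initialize(System.getenv("FIREBASE_CREDENTIALS_PATH"),
                Boolean.parseBoolean(System.getenv("FIREBASE_REQUIRED")));
    }
}
```

`GoogleCredentials.fromStream` only parses the key file, so a revoked key still passes this step; the revoked case needs a readiness check that actually exercises Firebase.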

Labels

  • area:deployment: Build, config, deployment, infrastructure
  • area:notifications: Push notifications and scheduling
  • area:security: Security, privacy, auth, or secrets
  • priority:P1: High: should be resolved before production launch
  • production-readiness: Production readiness audit item
  • type:hardening: Security/stability hardening task
