Add authentication and access controls to log viewer endpoints #835

@coderabbitai

The new log viewer endpoints introduced in PR #833 currently expose sensitive webhook processing information without any authentication or access controls.

Affected endpoints:

  • GET /logs (HTML page)
  • GET /logs/api/entries (historical log entries)
  • GET /logs/api/export (log export)
  • GET /logs/api/pr-flow/{hook_id} (PR flow visualization)
  • GET /logs/api/workflow-steps/{hook_id} (workflow steps)
  • WebSocket /logs/ws (real-time streaming)

Security concerns:

  • Endpoints expose repository names, user information, and system behavior
  • No authentication mechanism protects access
  • Potential for unauthorized access to sensitive operational data

Requirements:

  • Implement authentication mechanism (JWT tokens, API keys, etc.)
  • Add authorization controls to restrict access to admin users
  • Ensure HTTPS enforcement
  • Consider rate limiting and CORS restrictions
  • Add audit logging for access to these endpoints
  • Sanitize sensitive information in responses

References:

Requested by: @myakove
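
One way the authentication, admin-only authorization, audit logging and response sanitization requirements could fit together for the endpoints listed above. This is an added example, not code from the project or from PR #833; the `X-API-Key` header name, the `admin`/`viewer` roles, the sample keys and the redacted field names are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample keys (assumption). Only SHA-256 digests are stored.
API_KEYS = {
    hashlib.sha256(b"admin-key-example").hexdigest(): ("alice", "admin"),
    hashlib.sha256(b"viewer-key-example").hexdigest(): ("bob", "viewer"),
}
# Paths taken from the issue's "Affected endpoints" list.
PROTECTED = re.compile(
    r"^/logs(/ws|/api/(entries|export|(pr-flow|workflow-steps)/[^/]+))?$"
)
SENSITIVE_FIELDS = {"token", "authorization", "secret"}  # assumed field names
AUDIT_LOG = []  # stand-in for an append-only audit sink


def identify(headers):
    """Map the X-API-Key header to (user, role), comparing in constant time."""
    presented = hashlib.sha256(headers.get("X-API-Key", "").encode()).hexdigest()
    match = None
    for digest, identity in API_KEYS.items():  # no early exit on a match
        if hmac.compare_digest(digest, presented):
            match = identity
    return match


def authorize(method, path, headers):
    """Return the HTTP status for a log viewer request and audit the decision."""
    if not PROTECTED.match(path):
        return 404  # unknown paths are never served by this gate
    identity = identify(headers)
    if identity is None:
        status, user = 401, None  # missing or unknown key
    elif identity[1] != "admin":
        status, user = 403, identity[0]  # authenticated, but not an admin
    else:
        status, user = 200, identity[0]
    AUDIT_LOG.append({"user": user, "method": method, "path": path, "status": status})
    return status


def sanitize(entry):
    """Redact sensitive fields from a log entry before it is returned."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_FIELDS else v
            for k, v in entry.items()}
```

The same `authorize` check applies to the WebSocket handshake for `/logs/ws`, since the handshake is an HTTP request carrying headers.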
