Description
Remove the test bcrypt endpoint from AuthController or add an environment guard to prevent it from being accessible in production.
Location
backend/src/modules/auth/auth.controller.ts:130-146
Current Code
@Get('test')
async testBCrypt() {
  // Note: the async IIFE below is neither awaited nor returned, so the handler
  // resolves to undefined and the client receives an empty body; the bcrypt
  // work still runs on the server for every request.
  (async () => {
    const plainPassword = 'securePassword123';
    const saltRounds = 10;
    // Simulate Registration
    const hashedPassword = await bcrypt.hash(plainPassword, saltRounds);
    console.log('Plain password:', plainPassword);
    console.log('Hashed password:', hashedPassword);
    // Simulate Login
    const isMatch = await bcrypt.compare(plainPassword, hashedPassword);
    console.log('Passwords match:', isMatch);
    return isMatch;
  })();
}
Options
Option 1: Remove the endpoint entirely (delete lines 130-146)
Option 2: Add environment guard
@Get('test')
async testBCrypt() {
  // NotFoundException comes from @nestjs/common. Note that this only blocks
  // when NODE_ENV is exactly 'production'; an unset or misspelled NODE_ENV
  // leaves the endpoint reachable, so prefer an explicit allow-list of
  // non-production environments.
  if (this.configService.get('NODE_ENV') === 'production') {
    throw new NotFoundException();
  }
  // ... rest of code
}
Option 3: Move to development-only module
Create a separate DevToolsController that's only registered in development/staging environments.
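The following is an added example (not the project's code) that combines Options 2 and 3 with a fail-closed check: the dev-only controller list is built from an explicit allow-list of environments, and anything else, including an unset NODE_ENV, is treated as production. `DevToolsController`, `devToolsEnabled`, `moduleControllers` and `assertDevTools` are hypothetical names; stand-in classes replace `@nestjs/common` so the snippet runs without NestJS installed.

```typescript
// Added example: fail-closed environment gating for development-only controllers.
// Stand-in types are used instead of @nestjs/common so this runs stand-alone.

type ControllerClass = new (...args: any[]) => object;

// Environments in which development tooling may be exposed (matches the issue:
// development/staging, plus test). Anything else fails closed.
const DEV_ENVIRONMENTS: ReadonlySet<string> = new Set([
  "development",
  "test",
  "staging",
]);

// Returns true only for an explicitly allow-listed environment.
// An undefined NODE_ENV (common in misconfigured deployments) is treated as production.
function devToolsEnabled(nodeEnv: string | undefined): boolean {
  if (nodeEnv === undefined) return false;
  return DEV_ENVIRONMENTS.has(nodeEnv.trim().toLowerCase());
}

class AuthController {} // stand-in for the real AuthController
class DevToolsController {} // hypothetical dev-only controller (Option 3)

// Builds the controller list for a module: dev-only controllers are appended
// only when the environment is allow-listed, so production never registers them.
function moduleControllers(
  nodeEnv: string | undefined,
  base: ControllerClass[] = [AuthController],
  devOnly: ControllerClass[] = [DevToolsController],
): ControllerClass[] {
  return devToolsEnabled(nodeEnv) ? [...base, ...devOnly] : [...base];
}

// Option 2 style guard for a handler that must stay in AuthController:
// throws unless dev tools are enabled. Stand-in for NotFoundException.
class NotFoundError extends Error {}

function assertDevTools(nodeEnv: string | undefined): void {
  if (!devToolsEnabled(nodeEnv)) {
    throw new NotFoundError("Not Found");
  }
}
```

In the real module this would be `@Module({ controllers: moduleControllers(process.env.NODE_ENV) })` with the genuine controller classes, and the handler guard would throw `NotFoundException` instead of the stand-in.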
Rationale
- This endpoint is a development/testing helper (it hashes a hard-coded password and compares it against the result) and has no product function
- Should not be reachable in production environments
- Writes the plaintext and hash of the hard-coded password to stdout via console.log on every call, rather than through the application logger
- Every unauthenticated request triggers a bcrypt hash and compare at cost factor 10 on the server, which is wasted work at best
Priority
Low - The endpoint returns no data (the IIFE's result is never awaited or returned), so it does not expose secrets or create a direct vulnerability, but it is not production-appropriate.
Related
Part of code review follow-up from #100