fix(SEC-ORCH-28+29): Add Valkey connection timeout + workItems MaxLength

SEC-ORCH-28: Add connectTimeout (5000ms default) and commandTimeout
(3000ms default) to Valkey/Redis client to prevent indefinite connection
hangs. Both are configurable via VALKEY_CONNECT_TIMEOUT_MS and
VALKEY_COMMAND_TIMEOUT_MS environment variables.

SEC-ORCH-29: Add @ArrayMaxSize(50) and @MaxLength(2000) to workItems
in AgentContextDto to prevent memory exhaustion from unbounded input.
Also adds @ArrayMaxSize(20) and @MaxLength(200) to skills array.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/orchestrator/src/api/agents/dto/spawn-agent.dto.ts

@@ -6,6 +6,8 @@ import {
   IsArray,
   IsOptional,
   ArrayNotEmpty,
+  ArrayMaxSize,
+  MaxLength,
   IsIn,
   Validate,
   ValidatorConstraint,
@@ -83,12 +85,16 @@ export class AgentContextDto {
 
   @IsArray()
   @ArrayNotEmpty()
+  @ArrayMaxSize(50, { message: "workItems must contain at most 50 items" })
   @IsString({ each: true })
+  @MaxLength(2000, { each: true, message: "Each work item must be at most 2000 characters" })
   workItems!: string[];
 
   @IsArray()
   @IsOptional()
+  @ArrayMaxSize(20, { message: "skills must contain at most 20 items" })
   @IsString({ each: true })
+  @MaxLength(200, { each: true, message: "Each skill must be at most 200 characters" })
   skills?: string[];
 }