feat(#284): Reduce timestamp validation window to 60s with replay attack prevention

Security improvements:
- Reduce timestamp tolerance from 5 minutes to 60 seconds
- Add nonce-based replay attack prevention using Redis
- Store signature nonce with 60s TTL matching tolerance window
- Reject replayed messages with same signature

Changes:
- Update SignatureService.TIMESTAMP_TOLERANCE_MS to 60s
- Add Redis client injection to SignatureService
- Make verifyConnectionRequest async for nonce checking
- Create RedisProvider for shared Redis client
- Update ConnectionService to await signature verification
- Add comprehensive test coverage for replay prevention

Part of M7.1 Remediation Sprint P1 security fixes.

Fixes #284

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

apps/api/src/federation/connection.service.ts

@@ -286,7 +286,7 @@ export class ConnectionService {
     });
 
     // Verify signature
-    const validation = this.signatureService.verifyConnectionRequest(request);
+    const validation = await this.signatureService.verifyConnectionRequest(request);
 
     if (!validation.valid) {
       const errorMsg: string = validation.error ?? "Unknown error";