fix(#183): remove hardcoded workspace ID from Discord service

Remove critical security vulnerability where Discord service used hardcoded
"default-workspace" ID, bypassing Row-Level Security policies and creating
potential for cross-tenant data leakage.

Changes:
- Add DISCORD_WORKSPACE_ID environment variable requirement
- Add validation in connect() to require workspace configuration
- Replace hardcoded workspace ID with configured value
- Add 3 new tests for workspace configuration
- Update .env.example with security documentation

Security Impact:
- Multi-tenant isolation now properly enforced
- Each Discord bot instance must be configured for specific workspace
- Service fails fast if workspace ID not configured

Breaking Change:
- Existing deployments must set DISCORD_WORKSPACE_ID environment variable

Tests: All 21 Discord service tests passing (100%)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Jason Woltje
2026-02-02 11:41:38 -06:00
parent f6d4e07d31
commit cc6a5edfdf
4 changed files with 263 additions and 6 deletions


@@ -171,6 +171,12 @@ GITEA_WEBHOOK_SECRET=REPLACE_WITH_RANDOM_WEBHOOK_SECRET
# DISCORD_BOT_TOKEN=your-discord-bot-token-here
# DISCORD_GUILD_ID=your-discord-server-id
# DISCORD_CONTROL_CHANNEL_ID=channel-id-for-commands
# DISCORD_WORKSPACE_ID=your-workspace-uuid
#
# SECURITY: DISCORD_WORKSPACE_ID must be a valid workspace UUID from your database.
# All Discord commands will execute within this workspace context for proper
# multi-tenant isolation. Each Discord bot instance should be configured for
# a single workspace.
# ======================
# Logging & Debugging
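Review bot: the new `# DISCORD_WORKSPACE_ID=your-workspace-uuid` line is commented out exactly like the optional Discord settings above it, while the commit message makes it a required variable whose absence causes connect() to fail. The SECURITY block should state that explicitly so operators upgrading an existing deployment do not copy the template as-is and only hit the fail-fast path at runtime, e.g. `# REQUIRED when the Discord bot is enabled: the service refuses to connect if this is unset.` It would also help to point out, next to the placeholder rather than only in the comment paragraph, that the value must be the UUID of an existing workspace row (the one whose RLS policies should scope every Discord command), since a typo here silently scopes the bot to a workspace that does not exist rather than to the wrong one.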