fix: implement comprehensive input validation and sanitization

[Marvy247]

Summary

Closes #155

Implements comprehensive input validation and sanitization across backend handlers and frontend forms.

Changes

Backend

• New validation.rs module with reusable helpers:
  • validate_stellar_address() — validates G... address format (56 chars, alphanumeric)
  • validate_string() — enforces non-empty + max length
  • validate_amount() — ensures positive decimal number
  • sanitize_input() — strips HTML tags to prevent XSS/injection
• Product handler — validates id, name, category, origin_location, description length; sanitizes all free-text fields
• Event handler — validates product_id, actor Stellar address, location, note length; enforces event_type allowlist; rejects future timestamps
• Financial handler — validates transaction_type, currency, amount, due_date, financing_type on all write endpoints

Frontend

• InvoiceForm — added client-side validation with inline error messages for amount (positive number) and due_date (future date required); aria attributes for accessibility

Security Impact

• Prevents injection attacks via HTML sanitization on all free-text inputs
• Stellar address format validation blocks malformed addresses
• Event type allowlist prevents arbitrary string injection
• Amount validation prevents negative/zero financial values

[drips-wave]

@Marvy247 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits