Fix/startup audit window

[ademboukabes]

Summary
This PR fixes a startup audit bug that could delete valid historical Discord messages from Qdrant when they were outside the fetched audit window.

Changes
limit reconciliation to the message range actually covered by the audit window
skip Qdrant records outside the audited message-id bounds
keep offline delete detection working for messages that are inside the audited window
replace repeated linear lookup with a message lookup map during reconciliation
add unit tests for:
preserving older messages outside the audit window
deleting missing messages that are inside the audit window
Why
Previously, the startup audit fetched only a bounded set of Discord messages before the cursor, but compared that partial snapshot against all Qdrant points in the channel.

That meant older valid records could be treated as missing and deleted incorrectly.

[YounesBensafia]

Hey! Thanks a lot for this great PR especially the fix for the startup audit bug in src/core/audit.py, that part is really valuable

However, we’ve decided not to include the new API key security features for now, as we want to keep the project fully open-access for communities.

Would you mind updating the PR by removing the security/auth-related changes (security.py, config.py, routes.py) and keeping only the audit bug fix?

If that’s not convenient for you, no worries at all we can close this PR and implement a standalone fix ourselves.

Let me know what works best for you!

[YounesBensafia]

Thanks @ademboukabes a lot for the quick update ! This fix is really important for the project's data integrity, and we're super happy to have it merged.
We really appreciate the contribution and your flexibility in adjusting the PR. Great job!