## 1. JWT Secret Validation

- [x] 1.1 Add minimum secret length check (32+ characters)
- [x] 1.2 Add entropy validation for JWT secret
- [x] 1.3 Log warning on startup if secret is weak
- [x] 1.4 Write unit tests for secret validation

## 2. CSRF Protection

- [x] 2.1 Add CSRF token generation utility
- [x] 2.2 Add CSRF validation middleware
- [x] 2.3 Apply to sensitive endpoints (password change, delete operations)
- [x] 2.4 Update frontend to include CSRF token in requests
- [x] 2.5 Write integration tests for CSRF validation

## 3. MIME Type Validation

- [x] 3.1 Add python-magic or similar library for MIME detection
- [x] 3.2 Implement magic bytes validation in file upload service
- [x] 3.3 Reject files where extension doesn't match actual content
- [x] 3.4 Add configurable allowed MIME types per file category
- [x] 3.5 Write unit tests for MIME validation
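The following is an added example of what items 1.1 to 1.3 (length check, entropy check, startup warning) can look like together; it is not the project's own code. The 32-character minimum comes from the checklist; the 3.0 bits-per-character floor and the 128-bit total are assumed thresholds, as are the function names and the logger name.

```python
"""Startup validation for an HS256 JWT signing secret (added example, stdlib only)."""
import logging
import math
from collections import Counter

MIN_SECRET_LENGTH = 32      # from the checklist: 32+ characters
MIN_BITS_PER_CHAR = 3.0     # assumed floor: catches "aaaa...", short alphabets, dictionary words
MIN_TOTAL_BITS = 128        # assumed floor: an HS256 key should carry at least 128 bits

log = logging.getLogger("jwt.secret")  # assumed logger name


def shannon_entropy_per_char(secret: str) -> float:
    """Shannon entropy of the character distribution, in bits per character.

    This measures how evenly characters are spread, not true randomness:
    "abcabcabc" scores as well as a random string over the same alphabet,
    so treat it as a cheap floor that rejects obvious placeholders, not a proof.
    """
    if not secret:
        return 0.0
    n = len(secret)
    return -sum((c / n) * math.log2(c / n) for c in Counter(secret).values())


def validate_jwt_secret(secret: str) -> list[str]:
    """Return a list of problems; an empty list means the secret is acceptable."""
    problems: list[str] = []
    if len(secret) < MIN_SECRET_LENGTH:
        problems.append(
            f"secret is {len(secret)} characters; minimum is {MIN_SECRET_LENGTH}"
        )
    bits_per_char = shannon_entropy_per_char(secret)
    if bits_per_char < MIN_BITS_PER_CHAR:
        problems.append(
            f"secret entropy is {bits_per_char:.2f} bits/char; minimum is {MIN_BITS_PER_CHAR}"
        )
    total_bits = bits_per_char * len(secret)
    if total_bits < MIN_TOTAL_BITS:
        problems.append(
            f"estimated total entropy is {total_bits:.0f} bits; minimum is {MIN_TOTAL_BITS}"
        )
    return problems


def check_jwt_secret_at_startup(secret: str) -> bool:
    """Item 1.3: log one warning per problem at startup; True when the secret passes."""
    problems = validate_jwt_secret(secret)
    for problem in problems:
        log.warning("weak JWT secret: %s", problem)
    return not problems


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    check_jwt_secret_at_startup("secret")                 # constructed weak value: 3 warnings
    check_jwt_secret_at_startup("0123456789abcdef" * 4)   # constructed 64-char value: passes
```

A warning at startup is what the checklist asks for, but a weak secret in production is a full authentication bypass (anyone who guesses it can mint tokens), so the usual practice is to warn in development and refuse to start when the deployment environment is production.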
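An added example covering items 2.1 to 2.4 as one piece: a session-bound token generator, a middleware that validates the token on state-changing requests to the sensitive endpoints, and the header the frontend is expected to send. This is not the project's own code; the `Request` shape, the `X-CSRF-Token` header name, the protected path list and the handler are all assumptions standing in for the real framework.

```python
"""Session-bound CSRF tokens and a validation middleware (added example, stdlib only)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Optional

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Item 2.3, assumed paths: password change and delete operations.
PROTECTED_PATHS = {"/account/password", "/account/delete"}
CSRF_HEADER = "X-CSRF-Token"  # assumed header name the frontend sends (item 2.4)


def generate_csrf_token(session_id: str, secret: bytes) -> str:
    """Item 2.1: return "<nonce>.<HMAC-SHA256(secret, session_id:nonce)>".

    Binding the MAC to the session id means a token the attacker obtains
    under their own session does not validate for the victim's session.
    """
    nonce = secrets.token_urlsafe(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def validate_csrf_token(token: Optional[str], session_id: str, secret: bytes) -> bool:
    """Recompute the MAC for the presented nonce and compare in constant time."""
    if not token or not session_id or "." not in token:
        return False
    nonce, _, mac = token.partition(".")
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


@dataclass
class Request:
    """Assumed minimal stand-in for the framework's request object."""
    method: str
    path: str
    session_id: str = ""
    headers: dict[str, str] = field(default_factory=dict)


Handler = Callable[[Request], tuple[int, str]]


def csrf_middleware(handler: Handler, secret: bytes) -> Handler:
    """Item 2.2: reject state-changing requests to protected paths without a valid token."""
    def wrapped(request: Request) -> tuple[int, str]:
        if request.method.upper() not in SAFE_METHODS and request.path in PROTECTED_PATHS:
            presented = request.headers.get(CSRF_HEADER)
            if not validate_csrf_token(presented, request.session_id, secret):
                return 403, "CSRF token missing or invalid"
        return handler(request)
    return wrapped


def change_password(request: Request) -> tuple[int, str]:
    """Constructed sensitive endpoint; the real handler would update the credential."""
    return 200, "password changed"


SECRET = secrets.token_bytes(32)  # constructed; in practice loaded from configuration
protected_change_password = csrf_middleware(change_password, SECRET)

if __name__ == "__main__":
    token = generate_csrf_token("sess-victim", SECRET)
    # Item 2.4: the frontend reads the token it was issued and sends it in the header.
    with_token = Request("POST", "/account/password", "sess-victim", {CSRF_HEADER: token})
    cross_site = Request("POST", "/account/password", "sess-victim", {})  # no header: a forged form post
    print(protected_change_password(with_token))   # (200, 'password changed')
    print(protected_change_password(cross_site))   # (403, 'CSRF token missing or invalid')
```

Two caveats a reviewer would raise against item 2.3 as written: a cross-site request can target any state-changing endpoint, not only the listed ones, so the path allow-list should be the exception list, not the rule; and a custom header requirement only helps if the session cookie is still sent cross-site, so setting `SameSite=Lax` or `Strict` on it is cheap defence in depth, not a replacement for the token.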
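An added example for items 3.2 to 3.4 (magic-bytes detection, extension/content agreement, per-category allow-lists); it is not the project's upload service. The checklist names python-magic, so the block calls `magic.from_buffer` when the library is importable, but it carries its own small signature table so it runs without it. The signature table, the extension map, the categories and the sample files are constructed assumptions.

```python
"""Magic-bytes MIME validation for uploads (added example)."""
import os
from typing import Optional

try:
    import magic  # python-magic, as named in item 3.1; optional here
except ImportError:
    magic = None

# Leading byte signatures for the few binary types this example knows about.
MAGIC_SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"%PDF-", "application/pdf"),
]

# What each permitted extension claims to be; anything else is rejected outright.
EXTENSION_TO_MIME = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
    ".pdf": "application/pdf",
}

# Item 3.4: allowed MIME types per file category (assumed categories).
ALLOWED_MIME_BY_CATEGORY = {
    "avatar": {"image/png", "image/jpeg", "image/gif"},
    "document": {"application/pdf"},
}


def detect_mime(data: bytes) -> Optional[str]:
    """Item 3.2: return the MIME type implied by the leading bytes, or None."""
    for signature, mime in MAGIC_SIGNATURES:
        if data.startswith(signature):
            return mime
    if magic is not None:
        detected = magic.from_buffer(data[:2048], mime=True)
        # Only accept libmagic's answer for types some category actually allows.
        if any(detected in allowed for allowed in ALLOWED_MIME_BY_CATEGORY.values()):
            return detected
    return None


def validate_upload(filename: str, data: bytes, category: str) -> tuple[bool, str]:
    """Return (accepted, reason).

    Rejects unknown categories, unknown extensions, unrecognised content,
    extension/content mismatches (item 3.3) and types the category does not allow.
    """
    allowed = ALLOWED_MIME_BY_CATEGORY.get(category)
    if allowed is None:
        return False, f"unknown file category {category!r}"
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXTENSION_TO_MIME.get(ext)
    if claimed is None:
        return False, f"extension {ext!r} is not permitted"
    actual = detect_mime(data)
    if actual is None:
        return False, "content does not match any recognised file signature"
    if actual != claimed:
        return False, f"extension claims {claimed} but content is {actual}"
    if actual not in allowed:
        return False, f"{actual} is not allowed for category {category!r}"
    return True, actual


# Constructed sample files: just enough leading bytes for the signature check.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 16
PDF_SAMPLE = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"
TEXT_SAMPLE = b"<?php echo 'not an image'; ?>"  # script content renamed to an image extension

if __name__ == "__main__":
    print(validate_upload("avatar.png", PNG_SAMPLE, "avatar"))    # (True, 'image/png')
    print(validate_upload("avatar.png", PDF_SAMPLE, "avatar"))    # mismatch: rejected
    print(validate_upload("avatar.png", TEXT_SAMPLE, "avatar"))   # unrecognised: rejected
    print(validate_upload("report.pdf", PDF_SAMPLE, "avatar"))    # wrong category: rejected
```

Leading-byte checks stop renamed scripts and wrong-category files, which is what items 3.2 and 3.3 ask for; they do not stop polyglots (a valid image whose trailing bytes are also a valid script or archive) or text formats such as SVG and HTML, where there is no signature to check. Serving uploads from a separate origin with `X-Content-Type-Options: nosniff`, and re-encoding images rather than storing the original bytes, closes the gap the magic check leaves.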