chore: enhance security configuration across applications

- Add root-level *.json to .gitignore to prevent wallet backup leaks
- Replace wildcard CORS origins with explicit localhost URLs across all apps
- Add OPTIONS method to CORS allowed methods for preflight requests
- Update coordinator database to use absolute path in data/ directory to prevent duplicates
- Add JWT secret validation in coordinator config (must be set via environment)
- Replace deprecated get_session dependency with Session

apps/blockchain-node/src/aitbc_chain/app.py

@@ -111,8 +111,13 @@ def create_app() -> FastAPI:
     app.add_middleware(RateLimitMiddleware, max_requests=200, window_seconds=60)
     app.add_middleware(
         CORSMiddleware,
-        allow_origins=["*"],
-        allow_methods=["GET", "POST"],
+        allow_origins=[
+            "http://localhost:3000",
+            "http://localhost:8080",
+            "http://localhost:8000",
+            "http://localhost:8011"
+        ],
+        allow_methods=["GET", "POST", "OPTIONS"],
         allow_headers=["*"],
     )
 

apps/blockchain-node/src/aitbc_chain/gossip/relay.py

@@ -70,7 +70,16 @@ def create_app() -> Starlette:
     ]
     
     middleware = [
-        Middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["*"])
+        Middleware(
+            CORSMiddleware, 
+            allow_origins=[
+                "http://localhost:3000",
+                "http://localhost:8080",
+                "http://localhost:8000",
+                "http://localhost:8011"
+            ], 
+            allow_methods=["POST", "GET", "OPTIONS"]
+        )
     ]
     
     return Starlette(routes=routes, middleware=middleware)