refactor: enhance JWT authentication and CORS configuration

Updated JWT authentication to use configuration values instead of hardcoded secrets, improving security and flexibility. Enhanced CORS policy to conditionally allow origins based on configuration settings, with logging for permissive defaults. Updated README to reflect project renaming and clarify service context.

Infrastructure/ConfigurationResolver.cs

@@ -0,0 +1,27 @@
+namespace Azaion.Flights.Infrastructure;
+
+public static class ConfigurationResolver
+{
+    // Fail-fast contract: missing or whitespace-only values throw at startup so a
+    // production deploy without the operator-confirmed values cannot silently
+    // accept an insecure default (e.g. a development JWT secret, a localhost DB).
+    public static string ResolveRequiredOrThrow(
+        IConfiguration configuration,
+        string envVar,
+        string configKey,
+        string humanLabel)
+    {
+        ArgumentNullException.ThrowIfNull(configuration);
+
+        var value = Environment.GetEnvironmentVariable(envVar);
+        if (string.IsNullOrWhiteSpace(value))
+            value = configuration[configKey];
+
+        if (string.IsNullOrWhiteSpace(value))
+            throw new InvalidOperationException(
+                $"{humanLabel} is not configured. Set the {envVar} environment variable " +
+                $"or the {configKey} configuration key.");
+
+        return value;
+    }
+}