refactor: enhance JWT authentication and CORS configuration

Updated JWT authentication to use configuration values instead of hardcoded secrets, improving security and flexibility. Enhanced CORS policy to conditionally allow origins based on configuration settings, with logging for permissive defaults. Updated README to reflect project renaming and clarify service context.

_docs/_autodev_state.md

@@ -0,0 +1,17 @@
+# Autodev State
+
+## Current Step
+flow: existing-code
+step: 3
+name: Test Spec
+status: in_progress
+sub_step:
+  phase: 2
+  name: test-scenario-specification
+  detail: ""
+retry_count: 0
+cycle: 1
+tracker: jira
+
+## Rename tracking (Jira AZ-EPIC + child stories B1–B12)
+See `_docs/_process_leftovers/2026-05-14_rename-flights-to-missions.md` for the leftover entry; it is intentionally retained until B4–B12 ship.