chore: gate/remove hot-path debug logs (R2–R6 from #31)

[MrCoder]

Summary

Safe, no-behavior-change removal of diagnostic console.log calls identified in the Forge usage audit (issue #31, R2–R6). No control flow, return values, error handling, or load-bearing telemetry is touched.

Changes

File	What changed	Rationale
functions/utils/authenticate.ts (R2)	Removed console.log('ALLOWED_FORGE_APP_IDS:', ...) (line 45) and console.log('validateContextToken - payload', ...) (line 48)	Line 48 dumped the full decoded JWT payload — data-hygiene fix; line 45 exposed env var value needlessly
functions/_middleware.ts (R3)	Removed console.log('Function request url:', ...)	Fires on every authenticated request; pure noise with no diagnostic value
functions/utils/dbUtils.ts (R4)	Removed 6 unconditional console.log DB-result dumps; dropped unused const result = assignments that only existed to feed those logs	High-volume functions (every user event, every DB write); zero load-bearing use
functions/utils/R2Bucket.ts (R5)	Removed 2 per-write R2 logs (Writing to ${key} and env.EVENT_BUCKET:)	Fires on every lifecycle event write
functions/forge-installed.ts (R6)	Removed console.log('forge-installed body:', data)	Leaked full installer account data on every install/upgrade webhook

What is NOT changed

• R1 (high-volume trigger handler throttling) — needs usage-figure validation first
• R7 — needs staging test first
• All macro_viewed, duration_ms, paywall events, macro_export_* telemetry — untouched
• Error-path console.error and console.warn calls — kept (load-bearing diagnostics)
• All control flow, return values, and error handling — untouched

Test plan

• pnpm test:unit — 638 tests, all passing
• pnpm lint — 0 errors (functions/ is excluded from project ESLint by existing config)
• Do not merge — awaiting review
• Do not deploy to any environment