
feat(security): implement input validation for notification endpoints #799

Open

dot-enny wants to merge 4 commits into rinafcode:main from dot-enny:security/363-notification-input-validation

@dot-enny

Contributor

Description

This PR introduces robust input validation using Zod for the notification system endpoints to resolve security issue #363.

Key changes include:

  • Created Zod validation schemas in src/schemas/notification.schema.ts to enforce safe bounds on properties (e.g. constraints on string lengths and type enums).
  • Integrated request body validation in /api/notifications/send-notification, /api/notifications/track, and /api/notifications/subscribe.
  • Added unit and integration tests inside src/lib/notifications/__tests__/api-validation.test.ts to ensure invalid payloads correctly return 400 Bad Request and valid payloads parse properly.

Related Issue

Closes #363

Type of Change

  • Bug fix (security input validation)
  • New feature
  • Breaking change
  • Documentation update

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • No console errors
  • Uses Lucide icons consistently (N/A - backend only)
  • Responsive design implemented (N/A - backend only)
  • Starknet best practices followed (N/A - backend only)
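
The validation contract the description outlines (bounded strings, an enum for the type, 400 on invalid input), as an added example that is not the PR's code. It is hand-written rather than Zod so that it runs with no dependencies, and the field names, length limits and enum values are assumptions, since the PR's schema is not shown here.

```typescript
// Constructed example: field names, limits and enum values are hypothetical.
const NOTIFICATION_TYPES = ["info", "warning", "alert"] as const;
type NotificationType = (typeof NOTIFICATION_TYPES)[number];
// Maximum length for each required string field.
const LIMITS: Record<string, number> = { userId: 64, title: 120, message: 1000 };

interface SendNotification { userId: string; type: NotificationType; title: string; message: string }
type ValidationResult =
  | { status: 200; data: SendNotification }
  | { status: 400; errors: string[] };

function validateSendNotification(body: unknown): ValidationResult {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { status: 400, errors: ["body: must be a JSON object"] };
  }
  const input = body as Record<string, unknown>;
  const errors: string[] = [];
  // Reject unexpected keys. hasOwnProperty (not `in`) keeps inherited names
  // such as "toString" or "__proto__" from passing as known fields.
  for (const key of Object.keys(input)) {
    const known = key === "type" || Object.prototype.hasOwnProperty.call(LIMITS, key);
    if (!known) errors.push(`${key}: unknown field`);
  }
  // Strings are type-checked first, then bounded on both ends.
  for (const field of Object.keys(LIMITS)) {
    const value = input[field];
    if (typeof value !== "string") errors.push(`${field}: must be a string`);
    else if (value.length < 1 || value.length > LIMITS[field]) {
      errors.push(`${field}: length must be 1..${LIMITS[field]}`);
    }
  }
  const type = input["type"];
  if (typeof type !== "string" || (NOTIFICATION_TYPES as readonly string[]).indexOf(type) === -1) {
    errors.push(`type: must be one of ${NOTIFICATION_TYPES.join(", ")}`);
  }
  if (errors.length > 0) return { status: 400, errors };
  // Return an object rebuilt from validated fields only, never the raw body.
  return {
    status: 200,
    data: {
      userId: input["userId"] as string,
      type: type as NotificationType,
      title: input["title"] as string,
      message: input["message"] as string,
    },
  };
}
```

A route handler would return the `errors` array with the 400 response and pass only `data` to the notification code.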

@drips-wave

drips-wave Bot commented Jun 27, 2026


@dot-enny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Development

Successfully merging this pull request may close these issues.

security: Notification System : Input Validation
