Security and tenant isolation

Every Karibu table has Postgres RLS enabled, scoped by workspace_id. Cross-workspace reads/writes are physically impossible at the database layer. OAuth tokens are encrypted at rest with AES-GCM. Webhook bodies are verified by signature (Flutterwave: verif-hash; Pesapal: re-fetch from GetTransactionStatus).
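The two webhook checks named above, sketched as an added example (not Karibu's own code). Assumptions: the Flutterwave verif-hash header carries the shared secret hash configured with the provider, the Pesapal status response uses the field names shown, and fetch_status is a hypothetical callable wrapping the authenticated GetTransactionStatus request.

```python
import hmac
from typing import Callable, Mapping


def verify_flutterwave(headers: Mapping[str, str], secret_hash: str) -> bool:
    """Accept only if the verif-hash header equals our configured secret hash."""
    # HTTP header names are case-insensitive; normalise before lookup.
    received = {k.lower(): v for k, v in headers.items()}.get("verif-hash")
    if not received or not secret_hash:
        return False  # fail closed on a missing header or an unset secret
    # Constant-time comparison avoids leaking the secret through timing.
    return hmac.compare_digest(received.encode(), secret_hash.encode())


def confirm_pesapal(notification: Mapping[str, object],
                    expected: Mapping[str, object],
                    fetch_status: Callable[[str], Mapping[str, object]]) -> bool:
    """Treat the notification as a hint; trust only the re-fetched status."""
    tracking_id = notification.get("OrderTrackingId")
    if not tracking_id:
        return False
    # Field names below are assumptions about the status response.
    status = fetch_status(str(tracking_id))
    return (status.get("payment_status_description") == "Completed"
            and status.get("merchant_reference") == expected["reference"]
            and status.get("amount") == expected["amount"]
            and status.get("currency") == expected["currency"])


# Constructed sample data, not real credentials or transactions.
SECRET = "constructed-secret-hash"
ORDER = {"reference": "ws42-inv-1001", "amount": 1500.0, "currency": "KES"}


def fake_fetch(tracking_id: str) -> dict:
    """Offline stand-in for the provider lookup (hypothetical helper)."""
    return {"payment_status_description": "Completed",
            "merchant_reference": "ws42-inv-1001",
            "amount": 1500.0, "currency": "KES"}


if __name__ == "__main__":
    print(verify_flutterwave({"Verif-Hash": SECRET}, SECRET))
    print(confirm_pesapal({"OrderTrackingId": "t-1"}, ORDER, fake_fetch))
```

Comparing the re-fetched reference, amount and currency against the stored order means a notification body that merely claims success cannot mark an order paid.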