feat: P1 보안/성능 개선 및 마이그레이션 자동화

Security fixes:
- migrate.ts: SQL/Command Injection 방지 (spawnSync 사용)
- migrate.ts: Path Traversal 검증 추가
- api-tester.ts: API 키 마스킹 (4자만 노출)
- api-tester.ts: 최소 16자 키 길이 검증
- cache.ts: ReDoS 방지 (패턴 길이/와일드카드 제한)

Performance improvements:
- cache.ts: 순차 삭제 → 병렬 배치 처리 (50개씩)
- cache.ts: KV 등록 fire-and-forget (non-blocking)
- cache.ts: 메모리 제한 (5000키)
- cache.ts: 25초 실행 시간 가드
- cache.ts: 패턴 매칭 prefix 최적화

New features:
- 마이그레이션 자동화 시스템 (scripts/migrate.ts)
- KV 기반 캐시 인덱스 (invalidatePattern, clearAll)
- 글로벌 CacheService 싱글톤

Other:
- .env.example 추가, API 키 환경변수 처리
- CACHE_TTL.RECOMMENDATIONS (10분) 분리
- e2e-tester.ts JSON 파싱 에러 핸들링 개선

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/e2e-tester.ts

@@ -3,7 +3,17 @@
  * E2E Scenario Tester for Cloud Instances API
  *
  * Tests complete user workflows against the deployed API
- * Run: npx tsx scripts/e2e-tester.ts [--scenario <name>] [--dry-run]
+ *
+ * Requirements:
+ *   API_KEY environment variable must be set
+ *
+ * Usage:
+ *   export API_KEY=your-api-key-here
+ *   npx tsx scripts/e2e-tester.ts [--scenario <name>] [--dry-run]
+ *
+ * Or use npm scripts:
+ *   npm run test:e2e
+ *   npm run test:e2e:dry
  */
 
 import process from 'process';
@@ -12,8 +22,17 @@ import process from 'process';
 // Configuration
 // ============================================================
 
-const API_URL = 'https://cloud-instances-api.kappa-d8e.workers.dev';
-const API_KEY = '0f955192075f7d36b1432ec985713ac6aba7fe82ffa556e6f45381c5530ca042';
+const API_URL = process.env.API_URL || 'https://cloud-instances-api.kappa-d8e.workers.dev';
+const API_KEY = process.env.API_KEY;
+
+if (!API_KEY) {
+  console.error('\n❌ ERROR: API_KEY environment variable is required');
+  console.error('Please set API_KEY before running E2E tests:');
+  console.error('  export API_KEY=your-api-key-here');
+  console.error('  npm run test:e2e');
+  console.error('\nOr create a .env file (see .env.example for reference)');
+  process.exit(1);
+}
 
 interface TestContext {
   recommendedInstanceId?: string;
@@ -49,9 +68,14 @@ async function apiRequest(
   let data: unknown;
 
   try {
-    data = await response.json();
+    const text = await response.text();
+    try {
+      data = JSON.parse(text);
+    } catch (err) {
+      data = { error: 'Failed to parse JSON response', rawText: text };
+    }
   } catch (err) {
-    data = { error: 'Failed to parse JSON response', rawText: await response.text() };
+    data = { error: 'Failed to read response body' };
   }
 
   return {