Commit 4120520
test: Add comprehensive multi-tenancy security tests
Tests for Issue #7 (multi-tenancy) and #8 (hardcoded API key):
1. SupabaseService ownership methods:
- list_repositories_for_user filters by user_id
- get_repository_with_owner requires both repo_id and user_id
- verify_repo_ownership returns bool
2. RepoManager delegation tests:
- list_repos_for_user delegates to supabase
- verify_ownership delegates to supabase
3. Security helper tests:
- get_repo_or_404 raises 404 for unauthorized access
- get_repo_or_404 returns repo for owner
- verify_repo_access raises 404 for unauthorized
4. Dev API key security tests:
- Dev key fails without DEBUG=true
- Dev key fails without explicit DEV_API_KEY env var
- Dev key works with both DEBUG=true AND DEV_API_KEY
- Wrong dev key fails even in DEBUG mode
5. Info leakage prevention tests:
- Non-existent and unauthorized repos get identical 404
6. Integration tests (code inspection):
- list_repositories uses user-filtered method
- All repo endpoints use ownership verification
- search endpoint verifies repo ownership
- explain endpoint verifies repo ownership
All 18 tests passing.

1 parent 9c80728 commit 4120520
1 file changed
Lines changed: 413 additions & 0 deletions
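
The two invariants the tests above check (identical 404 for missing and unauthorized repos, and a dev key that needs both DEBUG=true and DEV_API_KEY), shown as an added Python example that is not code from this commit or its repository. The names `verify_repo_ownership` and `get_repo_or_404` come from the commit message; their bodies, the in-memory `REPOS` table, the `NotFound` class, `lookup` and `dev_key_accepted` are assumptions made for illustration.

```python
import hmac

# Constructed sample data (assumption): repo_id -> owning user_id.
REPOS = {"repo-1": "alice", "repo-2": "bob"}


class NotFound(Exception):
    """Stands in for an HTTP 404 response (hypothetical class)."""
    status_code = 404
    detail = "Repository not found"


def verify_repo_ownership(repo_id, user_id):
    """Return True only if the repo exists and belongs to user_id."""
    owner = REPOS.get(repo_id)
    # Guard against None == None: an anonymous caller must never
    # "own" a repo that does not exist.
    return owner is not None and user_id is not None and owner == user_id


def get_repo_or_404(repo_id, user_id):
    """Return the repo for its owner; otherwise raise the same 404.

    Missing and foreign repos take the same branch, so the response
    cannot be used to learn which repo ids exist.
    """
    if not verify_repo_ownership(repo_id, user_id):
        raise NotFound()
    return {"id": repo_id, "user_id": user_id}


def lookup(repo_id, user_id):
    """Hypothetical handler: map the helper's result to (status, body)."""
    try:
        return 200, get_repo_or_404(repo_id, user_id)
    except NotFound as exc:
        return exc.status_code, exc.detail


def dev_key_accepted(presented, env):
    """Accept the dev key only with DEBUG=true AND an explicit DEV_API_KEY.

    `env` is a mapping such as os.environ. There is no built-in default
    key, and the comparison is constant-time.
    """
    if env.get("DEBUG", "").lower() != "true":
        return False
    expected = env.get("DEV_API_KEY")
    if not expected or not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())
```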