feat: add flexible instance configuration support with security improvements

- Add InstanceContext interface for runtime configuration
- Implement dual-mode API client (singleton + instance-specific)
- Add secure SHA-256 hashing for cache keys
- Implement LRU cache with TTL (100 instances, 30min expiry)
- Add comprehensive input validation for URLs and API keys
- Sanitize all logging to prevent API key exposure
- Fix session context cleanup and memory management
- Add comprehensive security and integration tests
- Maintain full backward compatibility for single-player usage

Security improvements based on code review:
- Cache keys are now cryptographically hashed
- API credentials never appear in logs
- Memory-bounded cache prevents resource exhaustion
- Input validation rejects invalid/placeholder values
- Proper cleanup of orphaned session contexts

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

src/config/n8n-api.ts

@@ -48,5 +48,27 @@ export function isN8nApiConfigured(): boolean {
   return config !== null;
 }
 
+/**
+ * Create n8n API configuration from instance context
+ * Used for flexible instance configuration support
+ */
+export function getN8nApiConfigFromContext(context: {
+  n8nApiUrl?: string;
+  n8nApiKey?: string;
+  n8nApiTimeout?: number;
+  n8nApiMaxRetries?: number;
+}): N8nApiConfig | null {
+  if (!context.n8nApiUrl || !context.n8nApiKey) {
+    return null;
+  }
+
+  return {
+    baseUrl: context.n8nApiUrl,
+    apiKey: context.n8nApiKey,
+    timeout: context.n8nApiTimeout ?? 30000,
+    maxRetries: context.n8nApiMaxRetries ?? 3,
+  };
+}
+
 // Type export
 export type N8nApiConfig = NonNullable<ReturnType<typeof getN8nApiConfig>>;