feat(api): implement HMAC authentication and comprehensive validation for the balance API

- Security: HMAC SHA512 validation for all requests, ISO 8601 timestamp check with a 5-minute tolerance, API key authentication, and mandatory X-Api-Key, X-Signature, X-Timestamp headers.
- Input validation: account_number numeric, 10 digits & exists; start/end date in YYYY-MM-DD format with range rules (start ≤ end ≤ today).
- File changes: update `app/Http/Requests/BalanceSummaryRequest.php` (HMAC check, timestamp check, error messages, logging) and `config/webstatement.php` (api_key, secret_key).
- Error handling: consistent with the ResponseCode enum; HTTP status 400/401/404; clear error messages (in Indonesian) + logging.
- Testing: Postman collection updated for negative cases & edge cases; backward compatibility maintained.
- Breaking changes: the endpoint now requires 3 headers (X-Api-Key, X-Signature, X-Timestamp); account number must be 10 numeric digits; strict date format.
- ENV: add `WEBSTATEMENT_API_KEY` and `WEBSTATEMENT_SECRET_KEY` (mapped to `config/webstatement.php`).
This commit is contained in:
Daeng Deni Mardaeni
2025-08-28 15:39:21 +07:00
parent 00681a8e30
commit 291e791114
2 changed files with 114 additions and 17 deletions

@@ -5,4 +5,17 @@ return [
// ZIP file password configuration
'zip_password' => env('WEBSTATEMENT_ZIP_PASSWORD', 'statement123'),
/*
|--------------------------------------------------------------------------
| API Configuration
|--------------------------------------------------------------------------
|
| These configuration values are used for API authentication using HMAC
| signature validation. These keys are used to validate incoming API
| requests and ensure secure communication.
|
*/
'api_key' => env('API_KEY'),
'secret_key' => env('SECRET_KEY'),
];
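
Review bot: the two added lookups at the end of this hunk read `env('API_KEY')` and `env('SECRET_KEY')`, while the commit message tells operators to set `WEBSTATEMENT_API_KEY` and `WEBSTATEMENT_SECRET_KEY`. A deployment that follows the message will leave both `api_key` and `secret_key` as null, since neither `env()` call has a default. Please rename the lookups to the `WEBSTATEMENT_`-prefixed names, which also matches `WEBSTATEMENT_ZIP_PASSWORD` two lines up and avoids colliding with a generic `API_KEY` used by another integration. It is also worth confirming that the request validation rejects every request when either value is unset, rather than comparing against or signing with a null key.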