bf2091365d
New /files/signed-url/:id endpoint generates a 15-minute JWT-signed URL for any file. New /files/s/* endpoint serves files using the token from the query string without requiring auth headers. This allows files to open in new browser tabs without authentication issues. Photos and documents in repair tickets now use signed URLs when clicked.