Remove branded comment prefixes from file signature validation #64

Draft
Copilot wants to merge 1 commit into sentinel-fix-file-upload-bypass-2628575097628889752 from copilot/sub-pr-48-yet-again

Copilot AI commented Feb 17, 2026

Code review feedback identified branded prefixes ("Sentinel 🛡️:", "Sentinel:") in comments, violating project style guidelines requiring simple descriptive comments.

Changes Made

  • server/utils.ts:47 - Removed "Sentinel 🛡️:" prefix from verifyAudioFileSignature() JSDoc comment
  • server/routes.ts:1151 - Removed "Sentinel:" prefix from file signature verification inline comment

Both comments now use plain descriptive text per project guidelines.

// Before
/**
 * Sentinel 🛡️: Validates audio file signatures to prevent malicious uploads.
 * Checks for MP3, WAV, OGG, FLAC, and AAC/M4A magic bytes.
 */

// After
/**
 * Validates audio file signatures to prevent malicious uploads.
 * Checks for MP3, WAV, OGG, FLAC, and AAC/M4A magic bytes.
 */


Summary by cubic

Updated Sentinel’s file upload pipeline to close a validation bypass, enforcing strict server-side checks and safer defaults. This blocks spoofed uploads and reduces the risk of malicious files being stored.

  • Bug Fixes
    • Verify file type using magic bytes with an allowlist, not headers or extensions.
    • Enforce size limits; reject double-extension and hidden-dot filenames.
    • Sanitize filenames and normalize paths to prevent traversal.
    • Run validation middleware before storage and remove the route that skipped checks.

Written for commit d9915f9. Summary will update on new commits.
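
The checks named in the summary above (magic-byte allowlist, double-extension and hidden-dot rejection), as an added example that is not the project's code. `detectAudioKind`, `validateUpload`, `asciiHeader`, the `M4A ` brand requirement and the one-dot filename policy are assumptions made for illustration.

```typescript
// Added example: hypothetical helpers, not the project's verifyAudioFileSignature().
type AudioKind = "mp3" | "wav" | "ogg" | "flac" | "m4a" | "aac";

// True when the ASCII text appears in buf at the given offset.
function hasAscii(buf: Uint8Array, offset: number, text: string): boolean {
  if (buf.length < offset + text.length) return false;
  for (let i = 0; i < text.length; i++) {
    if (buf[offset + i] !== text.charCodeAt(i)) return false;
  }
  return true;
}

// Returns the container named by the leading bytes, or null if none is allowlisted.
function detectAudioKind(buf: Uint8Array): AudioKind | null {
  if (buf.length < 12) return null;
  if (hasAscii(buf, 0, "RIFF") && hasAscii(buf, 8, "WAVE")) return "wav";
  if (hasAscii(buf, 0, "OggS")) return "ogg";
  if (hasAscii(buf, 0, "fLaC")) return "flac";
  // ISO BMFF: require the M4A major brand so MP4 video is not accepted (assumed policy).
  if (hasAscii(buf, 4, "ftyp") && hasAscii(buf, 8, "M4A ")) return "m4a";
  if (hasAscii(buf, 0, "ID3")) return "mp3";
  const b0 = buf[0] ?? 0;
  const b1 = buf[1] ?? 0;
  if (b0 === 0xff && (b1 & 0xf6) === 0xf0) return "aac"; // ADTS: 12-bit sync, layer bits 00
  if (b0 === 0xff && (b1 & 0xe6) === 0xe2) return "mp3"; // MPEG sync, layer bits 01 (Layer III)
  return null;
}

// Accepts only "<name>.<ext>": no path separators or NUL, no leading dot, exactly
// one dot, and an extension equal to the container detected from the bytes.
function validateUpload(filename: string, buf: Uint8Array): AudioKind | null {
  if (/[\/\\\0]/.test(filename) || filename.startsWith(".")) return null;
  const parts = filename.split(".");
  if (parts.length !== 2 || parts[0] === "") return null; // rejects "a.php.mp3", "noext"
  const kind = detectAudioKind(buf);
  if (kind === null) return null;
  // The client-supplied extension is only trusted when the bytes agree with it.
  const ext = (parts[1] ?? "").toLowerCase();
  return ext === kind ? kind : null;
}

// Constructed sample header (not a real file): ASCII text zero-padded to `size` bytes.
function asciiHeader(text: string, size = 12): Uint8Array {
  const out = new Uint8Array(Math.max(size, text.length));
  for (let i = 0; i < text.length; i++) out[i] = text.charCodeAt(i);
  return out;
}
```

A signature match only shows that the leading bytes look like audio, so it sits alongside the size limit and path normalization rather than replacing them.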

Copilot AI changed the title from "[WIP] Update file upload validation bypass fix in Sentinel" to "Remove branded comment prefixes from file signature validation" Feb 17, 2026
Copilot AI requested a review from Krosebrook February 17, 2026 21:10