Fix JWT secret fallback to meet 256-bit minimum requirement

Co-authored-by: dmccoystephenson <21204351+dmccoystephenson@users.noreply.github.com>

Author: Copilot

backend/src/main/resources/application.properties

@@ -36,5 +36,6 @@ app.password.min-length=8
 # JWT Configuration
 # SECURITY WARNING: In production, use environment variables or secure configuration management
 # Set JWT_SECRET environment variable before running in production
-jwt.secret=${JWT_SECRET:CHANGE_ME_IN_PRODUCTION}
+# The fallback value below is for development only
+jwt.secret=${JWT_SECRET:DevOnlySecretKeyMustBe32BytesForHS256AlgorithmMin256Bits}
 jwt.expiration=86400000