feat: Add ElevenLabs API key support to Settings model (#422)

[vikas123-abc]

Feat: Add ElevenLabs API Key Support to Settings Model

Closes #422

This PR implements support for users to securely store and manage their ElevenLabs API Key within their Cboard settings model. This lays the groundwork for future server-side integrations with ElevenLabs text-to-speech services.

---

Implementation Details 🛠️

This feature required synchronized changes across the Model (Schema) and the Controller (API Logic) to ensure both persistence and security.

1. Database Model (../models/Settings.js)

• Added the elevenlabsApiKey field to the SettingsSchema.
• The field is marked with select: false to ensure the sensitive key is never loaded by default, adhering to security best practices.
• Updated Settings.getOrCreate to accept an optional includeSecrets flag to conditionally force selection of the key when needed by the controller (i.e., for updates or sanitization).

2. Settings Controller (settings.js)

• API Input (updateSettings): Added logic to check for the elevenlabsApiKey in the request body, saving it to the database after trimming whitespace. It saves an empty string as null for consistency.
• Security & Output: Implemented a new helper function, getSafeSettingsResponse, which is used in both getSettings and updateSettings. This function:
  • Explicitly removes the plain text API key.
  • Returns two safe, non-secret fields instead: elevenlabsKeySet (boolean) and elevenlabsKeyPreview (last 4 characters).

---

Verification (Tested Behavior)

• Saving: Sending a valid key via the PUT/POST settings endpoint saves the key to the database.
• Clearing: Sending an empty string (" ") or null successfully clears the key from the database.
• Reading: The GET /settings API response no longer contains the elevenlabsApiKey field, but correctly returns the status flags: elevenlabsKeySet: true/false.