Closed
Description
Related to #391
Summary
When allowed_users is empty, the Telegram channel accepts messages from any user, creating an unauthorized access vector if the bot token leaks.
Severity
Medium — Misconfiguration can lead to complete agent compromise.
Location
crates/zeph-channels/src/telegram.rs:64-74
Attack Scenario
- User deploys Zeph with Telegram but forgets to configure allowed_users
- Bot token leaks (logs, config committed to git, etc.)
- Attacker sends arbitrary commands with full tool execution privileges
Recommendation
Option 1 (Breaking): Fail at startup if whitelist is empty:

```rust
pub fn start(mut self) -> Result<Self, ChannelError> {
    if self.allowed_users.is_empty() {
        return Err(ChannelError::Other(
            "allowed_users must not be empty (security requirement)".into()
        ));
    }
    // ...
}
```

Option 2 (Non-breaking): Log a prominent warning:

```rust
if self.allowed_users.is_empty() {
    tracing::warn!(
        "Telegram allowed_users is empty — bot will accept messages from ANY user!"
    );
}
```

Recommend Option 1 for pre-1.0 project.
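To show Option 1 end to end, here is an added, self-contained example (not code from the Zeph repository): a stand-in `TelegramChannel` with the assumed `ChannelError` type that fails closed at startup on an empty allowlist and then drops per-message senders who are not on it. The message list is constructed sample input.

```rust
use std::collections::HashSet;

/// Stand-in for the project's ChannelError (assumed shape, not Zeph's own type).
#[derive(Debug, PartialEq)]
pub enum ChannelError {
    Other(String),
}

/// Minimal stand-in for the Telegram channel; only the allowlist matters here.
pub struct TelegramChannel {
    allowed_users: HashSet<i64>,
}

impl TelegramChannel {
    pub fn new(allowed_users: impl IntoIterator<Item = i64>) -> Self {
        Self { allowed_users: allowed_users.into_iter().collect() }
    }

    /// Fail-closed startup check (Option 1): an empty allowlist is a misconfiguration,
    /// so the channel refuses to start instead of silently accepting every sender.
    pub fn start(self) -> Result<Self, ChannelError> {
        if self.allowed_users.is_empty() {
            return Err(ChannelError::Other(
                "allowed_users must not be empty (security requirement)".into(),
            ));
        }
        Ok(self)
    }

    /// Per-message check: only allowlisted Telegram user ids may reach the agent.
    pub fn is_authorized(&self, user_id: i64) -> bool {
        self.allowed_users.contains(&user_id)
    }
}

/// Apply the allowlist to (sender id, text) pairs; returns accepted texts and the
/// number of dropped messages, which is what a deployment would want to log/alert on.
pub fn filter_messages<'a>(ch: &TelegramChannel, msgs: &[(i64, &'a str)]) -> (Vec<&'a str>, usize) {
    let mut accepted = Vec::new();
    let mut dropped = 0;
    for (uid, text) in msgs {
        if ch.is_authorized(*uid) { accepted.push(*text); } else { dropped += 1; }
    }
    (accepted, dropped)
}

fn main() {
    // Constructed sample: one unknown sender (4242) among two allowlisted users.
    let ch = TelegramChannel::new(vec![1001, 1002]).start().expect("allowlist configured");
    let msgs = [(1001, "/status"), (4242, "/tools list"), (1002, "hello")];
    println!("{:?}", filter_messages(&ch, &msgs)); // (["/status", "hello"], 1)
}
```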
References
- CWE-284 (Improper Access Control)
- Security audit: .local/audit/security-audit.md (SEC-3)