Enhance security and error handling in webhook and tracking APIs

- In `renew-webhooks.post.ts`, implemented fixed-length buffers for comparing CRON secrets to prevent timing attacks.
- Updated error handling to throw a 403 status for invalid cron secrets.
- In `track/[code].get.ts`, added a check for the `BETTER_AUTH_URL` environment variable and throw a 500 error if misconfigured.
- Ensured `ref` parameter in redirect URLs is properly encoded to prevent potential issues with special characters.

Author: JoachimLK

app/components/AppTopBar.vue

@@ -119,7 +119,7 @@ const jobTabs = computed(() => {
 // Main navigation
 // ─────────────────────────────────────────────
 
-const mainNav = [
+const mainNav: Array<{ label: string; to: string; icon: typeof Briefcase; exact: boolean; comingSoon?: boolean }> = [
   { label: 'Dashboard', to: '/dashboard', icon: LayoutDashboard, exact: true },
   { label: 'Jobs', to: '/dashboard/jobs', icon: Briefcase, exact: false },
   { label: 'Candidates', to: '/dashboard/candidates', icon: Users, exact: false },