fix: share PoW HMAC secret across gunicorn workers

get_pow_secret() generated a random secret per process, so challenges
signed by worker A failed verification on worker B (~90% failure rate
with 2 workers).  Persist a file-backed secret to data/.pow_secret
using O_EXCL for atomic creation.  FLASKPASTE_POW_SECRET env var
still takes priority when configured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitignore

@@ -32,6 +32,7 @@ data/*.db-shm
 *.pem
 *.key
 keys/
+data/.pow_secret
 
 # Build
 dist/