feat: implement prompt injection protection and OpenRouter paid API key support

- Add comprehensive prompt injection security module with 160+ attack pattern detection
- Implement security checks in message handling with proper blocking and user feedback
- Add OpenRouter paid API key support (OPENROUTER_PAID_API_KEY) for premium models
- Update model discovery and chat functions to use paid API key for premium models
- Add comprehensive test suite with 434 test cases (98.39% accuracy)
- Tests cover legitimate WordPress development queries, injection attacks, obfuscated attempts
- Improve builder loading indicators with text-based progress (building/planning)
- Replace spinning animations with 'Starting build/planning process' messages

chat/security/index.js

@@ -0,0 +1,19 @@
+/**
+ * Security Module Index
+ * 
+ * Centralized exports for all security-related functionality.
+ * Import this module to access all security validators and sanitizers.
+ */
+
+const promptSanitizer = require('./prompt-sanitizer');
+
+module.exports = {
+  // Prompt injection detection
+  sanitizeUserInput: promptSanitizer.sanitizeUserInput,
+  shouldBlockInput: promptSanitizer.shouldBlockInput,
+  wrapUserContent: promptSanitizer.wrapUserContent,
+  createHardenedSystemPrompt: promptSanitizer.createHardenedSystemPrompt,
+  
+  // Re-export full module for advanced use
+  promptSanitizer,
+};