fix: bypass middleware auth for webhook endpoints (#82)

## Summary
- Stripe webhook POST requests were intercepted by middleware and
redirected to `/login` (no user session), returning 401 to Stripe
- Added `/api/webhooks/` to the middleware bypass list alongside
`/api/health`
- Combined with registering the Stripe endpoint as a **Connect** webhook
(done in Stripe dashboard), this fixes zero webhook delivery for member
signup/payment flows

## Test plan
- [ ] Deploy to dev preview
- [ ] Send test event from Stripe Connect webhook endpoint → expect 200
- [ ] Full signup + payment flow → verify credits appear in member
account

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Kikolator

apps/web/middleware.ts

@@ -22,8 +22,8 @@ export async function middleware(request: NextRequest) {
   const hostname = request.headers.get("host") ?? "";
   const { pathname } = request.nextUrl;
 
-  // Let the health-check endpoint through without auth or space resolution
-  if (pathname === "/api/health") {
+  // Let health-check and webhook endpoints through without auth or space resolution
+  if (pathname === "/api/health" || pathname.startsWith("/api/webhooks/")) {
     return NextResponse.next();
   }