No statement_timeout on database connections #49

@jeesunikim

Description

  • Location: src/utils/connect.ts:93, src/utils/connect.ts:132
  • Vulnerability: PrismaClient is created without a statement_timeout. If a query takes longer than expected (e.g., due to missing stats, planner misestimate, or lock contention), it will hold a connection indefinitely.
  • Exploit scenario: An attacker sends many concurrent requests that trigger slow queries (e.g., for a contract with millions of rows). Without a statement timeout, these queries hold connections until the pool is fully exhausted, blocking all other users.
  • Impact: Connection pool exhaustion → full API outage for all users.
  • Suggested fix: Add statement_timeout to the database URL or configure it on the PrismaClient, e.g. postgresql://...?statement_timeout=30000 (30 seconds)
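As an added example (not code from this project), the helper below applies the timeout through Prisma's `options` connection-string parameter, which forwards `-c statement_timeout=<ms>` to PostgreSQL at connection start; that this parameter is the supported route, and the names `withStatementTimeout` and `statementTimeoutMs`, are my assumptions. It also drops a bare `statement_timeout=` query parameter, which PostgreSQL never sees when placed there, and offers a parse-back check that a startup self-test can call before the pool is opened.

```typescript
// Added example: rewrite a Prisma/PostgreSQL DATABASE_URL so every connection
// starts with a server-side statement_timeout (assumed `options` parameter).
export function withStatementTimeout(databaseUrl: string, timeoutMs: number): string {
  if (!Number.isInteger(timeoutMs) || timeoutMs <= 0) {
    throw new RangeError(`timeoutMs must be a positive integer, got ${timeoutMs}`);
  }
  const q = databaseUrl.indexOf("?");
  const base = q < 0 ? databaseUrl : databaseUrl.slice(0, q);
  const params = new URLSearchParams(q < 0 ? "" : databaseUrl.slice(q + 1));

  // A bare `statement_timeout=` query parameter is not a Prisma connection
  // setting and never reaches the server, so it is removed rather than kept.
  params.delete("statement_timeout");

  // Preserve other `-c key=value` server options, replacing any existing
  // statement_timeout pair so the new value wins.
  const tokens = (params.get("options") ?? "").split(/\s+/).filter(Boolean);
  const kept: string[] = [];
  for (let i = 0; i < tokens.length; i++) {
    if (tokens[i] === "-c" && tokens[i + 1]?.startsWith("statement_timeout=")) {
      i++; // skip the value token as well
      continue;
    }
    kept.push(tokens[i]);
  }
  kept.push("-c", `statement_timeout=${timeoutMs}`);
  params.set("options", kept.join(" "));

  // Serialise with %20 for spaces (the form shown in Prisma's docs); `=` inside
  // a value is legal unencoded, so restore it for readability.
  const query = Array.from(params.entries())
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v).replace(/%3D/g, "=")}`)
    .join("&");
  return `${base}?${query}`;
}

// Parse the configured timeout back out of a URL; returns null when absent.
// Useful as a startup assertion so a missing timeout fails fast, not in prod.
export function statementTimeoutMs(databaseUrl: string): number | null {
  const q = databaseUrl.indexOf("?");
  if (q < 0) return null;
  const options = new URLSearchParams(databaseUrl.slice(q + 1)).get("options") ?? "";
  const m = /-c\s+statement_timeout=(\d+)/.exec(options);
  return m ? Number(m[1]) : null;
}
```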

Metadata

Assignees: No one assigned
Labels: bug (Something isn't working)
Status: Backlog (Not Ready)
Milestone: No milestone