Critical security fix: 5 financial POST endpoints were missing
authentication checks. Added requireAuth() middleware to:
- /api/flh/hibah/send
- /api/flh/hibah/accept
- /api/flh/sadaqah/send
- /api/flh/waqf/contribute
- /api/flh/zakat/pay
These involve FLH token transfers and must verify user identity.