fix(blueprint): Review fixes — API key lookup, tier enforcement, safety

Fixes 10 issues from Blueprint extension code review:
- CurseForge API key now reads via Blueprint dbGet() matching admin save
- PRO-tier fields (webhook, interval) enforced server-side, not just UI
- json_decode results validated before accessing parsed data
- Null user guard on getStatus() endpoint
- 429 response uses consistent error key format
- Modrinth slug derivation strips special chars, documented as fallback
- Check interval dropdown reflects saved value
- API key input changed to password type
- TypeScript error typing narrowed from any to unknown
- Removed unused DB import from ModpackApiService

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

services/modpack-version-checker/blueprint-extension/admin/controller.php

@@ -53,8 +53,13 @@ class modpackcheckerExtensionController extends Controller
     public function update(modpackcheckerSettingsFormRequest $request): RedirectResponse
     {
         $this->blueprint->dbSet('modpackchecker', 'curseforge_api_key', $request->input('curseforge_api_key') ?? '');
-        $this->blueprint->dbSet('modpackchecker', 'discord_webhook_url', $request->input('discord_webhook_url') ?? '');
-        $this->blueprint->dbSet('modpackchecker', 'check_interval', $request->input('check_interval') ?? 'daily');
+
+        // Only save PRO-tier fields if the user is on the pro tier
+        $tier = $this->blueprint->dbGet('modpackchecker', 'tier') ?: 'standard';
+        if ($tier === 'pro') {
+            $this->blueprint->dbSet('modpackchecker', 'discord_webhook_url', $request->input('discord_webhook_url') ?? '');
+            $this->blueprint->dbSet('modpackchecker', 'check_interval', $request->input('check_interval') ?? 'daily');
+        }
 
         return redirect()->route('admin.extensions.modpackchecker.index')->with('success', 'Settings saved successfully.');
     }