Add ECDSA signature verification and enhance ComboHandler functionality

- Integrated ECDSA for signature verification in ComboHandler.
- Updated event emissions to include additional parameters for better tracking.
- Improved gas tracking during execution of combo plans.
- Enhanced database interactions for storing and retrieving plans, including conflict resolution and status updates.
- Added new dependencies for security and database management in orchestrator.

orchestrator/src/middleware/apiKeyAuth.ts

@@ -0,0 +1,44 @@
+import { Request, Response, NextFunction } from "express";
+
+/**
+ * API Key authentication middleware
+ */
+export const apiKeyAuth = (req: Request, res: Response, next: NextFunction) => {
+  const apiKey = req.headers["x-api-key"] || req.headers["authorization"]?.replace("Bearer ", "");
+
+  if (!apiKey) {
+    return res.status(401).json({
+      error: "Unauthorized",
+      message: "API key is required",
+    });
+  }
+
+  // Validate API key (in production, check against database)
+  const validApiKeys = process.env.API_KEYS?.split(",") || [];
+  if (!validApiKeys.includes(apiKey as string)) {
+    return res.status(403).json({
+      error: "Forbidden",
+      message: "Invalid API key",
+    });
+  }
+
+  // Attach API key info to request
+  (req as any).apiKey = apiKey;
+  next();
+};
+
+/**
+ * Optional API key authentication (for public endpoints)
+ */
+export const optionalApiKeyAuth = (req: Request, res: Response, next: NextFunction) => {
+  const apiKey = req.headers["x-api-key"] || req.headers["authorization"]?.replace("Bearer ", "");
+  if (apiKey) {
+    const validApiKeys = process.env.API_KEYS?.split(",") || [];
+    if (validApiKeys.includes(apiKey as string)) {
+      (req as any).apiKey = apiKey;
+      (req as any).authenticated = true;
+    }
+  }
+  next();
+};
+