
fix: socket auth + stop trusting client for sender identity (#52) #60

Open
yashrajpurohit7 wants to merge 1 commit into 0rigin-c0de:main from yashrajpurohit7:fix/socket-auth-and-sender-verification

Conversation

@yashrajpurohit7

Fixes #52

While going through the socket code I noticed two things that
stood out:

  1. The socket connection had zero authentication: anyone could
    connect and start emitting events with no verification at all.

  2. send_message was taking sender_name, sender_tag, sender_pic
    directly from the client payload and forwarding them as-is.
    Basically anyone could put any name/pic and impersonate someone.

What I changed:

  • Added a Socket.IO middleware (io.use) that checks the JWT token
    from the handshake before the connection is established. If the
    token is missing or invalid, the connection is rejected.

  • send_message now ignores the client-provided sender fields and
    instead reads username, tag, profile_pic from the verified token
    stored in socket.data.user.

  • get_userid no longer trusts the user_id sent by the client; it
    uses the verified ID from the token instead.

  • Also merged the two separate io.on("connection") blocks into
    one, since having them split serves no purpose.

Files changed:

  • server/socket/index.js
  • frontend/src/components/socket/Socket.jsx

Note: the join_chat membership check (also mentioned in #52) needs
DB queries to verify server membership; I can follow up on that
separately if needed.

Tested locally: socket connects with token, messages show
correct sender info.

netlify Bot commented May 15, 2026

👷 Deploy request for piperchat01 pending review.

Latest commit: 270a514

0rigin-c0de (Owner) left a comment


LGTM

yashrajpurohit7 (Author) commented

@0rigin-c0de sir merge it if possible

Development: successfully merging this pull request may close these issues:

[Security]: Socket events rely on client-provided data without server-side verification