Release v0.2.0 - Security and integrity features

- Add REST API response signing using HMAC-SHA256
- Add SHA256 hash validation for version file uploads
- Add ResponseSigner class for automatic API response signing
- Add file_hash column to database schema
- Remove external URL support from version uploads
- Update translations with all fuzzy strings resolved

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/Plugin.php

@@ -13,6 +13,7 @@ use Jeremias\WcLicensedProduct\Admin\AdminController;
 use Jeremias\WcLicensedProduct\Admin\OrderLicenseController;
 use Jeremias\WcLicensedProduct\Admin\SettingsController;
 use Jeremias\WcLicensedProduct\Admin\VersionAdminController;
+use Jeremias\WcLicensedProduct\Api\ResponseSigner;
 use Jeremias\WcLicensedProduct\Api\RestApiController;
 use Jeremias\WcLicensedProduct\Checkout\CheckoutBlocksIntegration;
 use Jeremias\WcLicensedProduct\Checkout\CheckoutController;
@@ -128,6 +129,11 @@ final class Plugin
         new RestApiController($this->licenseManager);
         new LicenseEmailController($this->licenseManager);
 
+        // Initialize response signing if server secret is configured
+        if (defined('WC_LICENSE_SERVER_SECRET') && WC_LICENSE_SERVER_SECRET !== '') {
+            (new ResponseSigner())->register();
+        }
+
         if (is_admin()) {
             new AdminController($this->twig, $this->licenseManager);
             new VersionAdminController($this->versionManager);