feat: add JWT verification middleware for Google Chat webhook

Verifies Bearer tokens from Google Chat using google-auth-library.
Checks issuer (chat@system.gserviceaccount.com) and audience
(CHAT_PROJECT_NUMBER). Verification is skipped when project number
is not configured, allowing local testing without tokens.

packages/a2a-server/src/http/app.ts

@@ -314,6 +314,7 @@ export async function createApp() {
     if (chatBridgeUrl) {
       const chatRoutes = createChatBridgeRoutes({
         a2aServerUrl: chatBridgeUrl,
+        projectNumber: process.env['CHAT_PROJECT_NUMBER'],
         debug: process.env['CHAT_BRIDGE_DEBUG'] === 'true',
       });
       expressApp.use(chatRoutes);