GHSA-j4hj-7hfh-g2f4: praisonai: recipe serve auth middleware silently disables itself when no secret is set

The recipe-serve surface runs agentic workflows — same execution posture as praisonai/jobs/server.py but separately configured / separately reached. Unauth access on this surface yields:

• Trigger arbitrary recipe executions, passing attacker-controlled inputs and configurations.
• Read the inputs / outputs of in-flight recipes — the operator’s prompts and the LLM responses.
• In some deployments, the recipe execution surface is wired to tools (browser automation, file-system writes, code execution). Reaching those tools without auth is a direct RCE path.