test: add integration tests for /api/v1/prices routes

[cLamberti]

Closes #9
Good afternoon maintainer, thanks for the opportunity to contribute.
Here's what I did:

Summary

Adds 13 supertest integration tests for GET /api/v1/prices/:asset_code
and GET /api/v1/prices/:asset_code/refresh. All external dependencies
(priceOracle, apiKeys, cache, logger) are mocked at module level so tests
are fast, deterministic, and require no running Redis or network.

Test results

13/13 passing in ~2s.

Test cases

GET /api/v1/prices/:asset_code

• Happy path — 200 with full response shape
• Stale price — 200 with is_stale: true and non-empty stale_warning
• Oracle throws — 500 with generic message, no internal details leaked
• Unknown asset (price_usd: null) — 404 (see discrepancy note below)
• XLM native (no issuer) — oracle called with null issuer
• ?issuer= query param — passed through to oracle
• Invalid asset code (>12 chars) — 400
• Malformed issuer — 400
• Redis unavailable — 200 with redis_unavailable: true (graceful degradation)

GET /api/v1/prices/:asset_code/refresh

• No Authorization header — 401
• Invalid API key — 401
• Valid API key — 200 with full response shape
• Valid API key + oracle throws — 500, no internal details leaked

Discrepancy noted

Issue #9 describes unknown assets as returning 200 with price_usd: null.
The actual route (src/routes/prices.js lines 42–48) returns 404 when
priceData.price_usd === null. The test reflects real route behavior and
includes an inline comment documenting the discrepancy.

Prerequisite fixes

Two bugs prevented npm test from running at all before this PR:

• package.json: missing comma between "zod" and "winston-daily-rotate-file" caused a JSONError on every npm test invocation before a single test could run.
• src/index.js: const server was declared inside the if (require.main === module) block, making module.exports = { app, server } throw a ReferenceError when imported in tests.

Pre-existing test failures (not introduced by this PR), I'm happy to help with it, though. Just create an issue I'll apply and you can assign it to me.

test/airdrops.test.js (14 failures) and test/alerts-routes.test.js (1 failure)
were already broken before this branch — they were simply undetectable because
npm test crashed on the JSON syntax error before running any test file.
The root cause is a routing issue in src/index.js: requireApiKey() registered
via app.use('/api/v1', requireApiKey(), alertsRouter) intercepts all subsequent
/api/v1/* requests, returning 401 for routes that don't require auth.
These failures are pre-existing and out of scope for this PR.

Collateral fixes applied to unblock the full suite run:

• test/airdrops.test.js: corrected import from require('../src/index') to require('../src/index').app
• test/alerts-routes.test.js: added null guard on server.close(done) to prevent TypeError in test context