feat: replace whisper.cpp with Grok STT for Telegram audio (#265) (#266)

* feat: replace whisper.cpp with Grok STT for Telegram audio (#265)

Swap the local whisper.cpp pipeline for xAI's POST /v1/stt endpoint.
Removes whisper-cli, ffmpeg, and ggml model download requirements; the
API auto-detects Telegram's OGG/Opus container and reuses the existing
GROK_API_KEY / GROK_BASE_URL resolution.

* fix: sanitize Telegram audio filename to prevent path traversal

Telegram senders control message.audio.file_name, so a crafted value
like "../../etc/something" would escape the mkdtemp directory when
joined via path.join. Strip POSIX/Windows separators and null bytes
from the basename, fall back to input<ext> for empty/dot-only names,
and add a defense-in-depth guard that refuses writes outside tempDir.