[jwt] improve config validation

Author: capcom6

internal/sms-gateway/jwt/config.go

@@ -5,6 +5,10 @@ import (
 	"time"
 )
 
+const (
+	minSecretLength = 32
+)
+
 type Config struct {
 	Secret string
 	TTL    time.Duration
@@ -16,7 +20,11 @@ func (c Config) Validate() error {
 		return fmt.Errorf("%w: secret is required", ErrInvalidConfig)
 	}
 
-	if c.TTL == 0 {
+	if len(c.Secret) < minSecretLength {
+		return fmt.Errorf("%w: secret must be at least %d bytes", ErrInvalidConfig, minSecretLength)
+	}
+
+	if c.TTL <= 0 {
 		return fmt.Errorf("%w: ttl must be positive", ErrInvalidConfig)
 	}