feat(security): add no-store cache headers to developer token endpoint

- Add comprehensive cache-control headers to prevent caching of bearer tokens
- Implement no-store, no-cache, must-revalidate, and private directives
- Include legacy Pragma and Expires headers for broader compatibility
- Prevent intermediary proxies and browser caches from storing sensitive tokens

Generated with [Claude Code](https://claude.ai/code)

Signed-off-by: Asitha de Silva <asithade@gmail.com>

Author: asithade

apps/lfx-one/src/server/controllers/profile.controller.ts

@@ -647,6 +647,13 @@ export class ProfileController {
         token_length: bearerToken.length,
       });
 
+      // Set cache headers to prevent caching of sensitive bearer tokens
+      res.set({
+        ['Cache-Control']: 'no-store, no-cache, must-revalidate, private',
+        Pragma: 'no-cache',
+        Expires: '0',
+      });
+
       res.json(tokenInfo);
     } catch (error) {
       Logger.error(req, 'get_developer_token_info', startTime, error);