bug: missing ownerUserId defaults to all-users-are-owner #21

@electronicBlacksmith

Description

Problem

When ownerUserId is not configured in the Slack channel config, isOwner() returns true for every user:

private isOwner(userId: string): boolean {
    if (!this.ownerUserId) return true;  // everyone is owner
    return userId === this.ownerUserId;
}

This means any workspace member can interact with the bot - DMs, @-mentions, and (with #18) channel thread replies. While this might be intentional for some deployments, it's a misconfiguration trap: forgetting to set the owner silently opens the bot to everyone.

Expected behavior

Responding to all users should be an explicit opt-in, not the default when a config field is missing. Suggested approach:

  • Add an allow_all_users: true config flag in channels.yaml
  • If neither ownerUserId nor allow_all_users is set, refuse to respond and log a warning at startup
  • This makes the permissive mode a deliberate choice rather than a silent default

Files

  • src/channels/slack.ts - isOwner() method (~line 109)
  • config/ - channel config schema would need the new flag
  • Likely also affects Telegram channel if it has the same pattern

Context

Discovered during review of #18 (Slack thread participation). That PR broadens the bot's response surface in channels, making this pre-existing issue more impactful.
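
The opt-in behavior suggested above, as an added TypeScript example that is not part of the original issue or the project's code. `ownerUserId` and `allow_all_users` are the issue's names; `ChannelConfig`, `AccessPolicy`, `resolveAccessPolicy` and `isAllowed` are hypothetical, and letting the owner restriction win when both fields are set is an assumption.

```typescript
// Hypothetical shape of one channel's config after YAML parsing.
interface ChannelConfig {
  ownerUserId?: string;
  allow_all_users?: boolean;
}

// Three explicit outcomes instead of "missing owner means everyone".
type AccessPolicy =
  | { mode: "owner"; ownerUserId: string }
  | { mode: "all" }
  | { mode: "deny"; reason: string };

// Resolve the policy once at startup. `warn` is injected so the caller
// decides where the startup warning goes (logger, stderr, ...).
function resolveAccessPolicy(
  cfg: ChannelConfig,
  warn: (msg: string) => void
): AccessPolicy {
  // Treat empty or whitespace-only values the same as a missing field.
  const owner = cfg.ownerUserId?.trim();
  if (owner) {
    if (cfg.allow_all_users === true) {
      // Assumption: when both are set, the stricter setting wins.
      warn("ownerUserId and allow_all_users are both set; restricting to owner");
    }
    return { mode: "owner", ownerUserId: owner };
  }
  // Strict comparison: a quoted "true" or a typo does not open the bot.
  if (cfg.allow_all_users === true) {
    return { mode: "all" };
  }
  const reason =
    "neither ownerUserId nor allow_all_users is set; refusing to respond";
  warn(reason);
  return { mode: "deny", reason };
}

// Per-message check that replaces the permissive isOwner() fallback.
function isAllowed(policy: AccessPolicy, userId: string): boolean {
  switch (policy.mode) {
    case "owner":
      return userId === policy.ownerUserId;
    case "all":
      return true;
    case "deny":
      return false; // fail closed on a missing or invalid config
  }
}
```
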
