ownership(channels): clarify and fix WASM channel secret ownership #2070

@henrypark133

MT-4 — High: WASM channel secrets use config.owner_id without documentation

Origin: PR #1898 review comment (MT-4)
Spec: Ownership model design

Problem

src/channels/wasm/setup.rs looks up all channel secrets (webhook secrets, signature keys, HMAC secrets) using config.owner_id. Lines 184, 287, 306, 322 all call secrets.get_decrypted(&config.owner_id, ...).

For channel setup at boot, this is actually correct — channels are instance-level resources owned by the operator. But:

  1. This isn't documented, so it looks like a bug
  2. Runtime fallbacks in wrapper.rs hardcode "default" which IS wrong

Runtime fallbacks that need fixing

  • wrapper.rs:~1049 — broadcast metadata falls back to "default" instead of using owner_scope_id
  • wrapper.rs:~3130 resolve_websocket_identify_message() always looks up secrets under hardcoded "default" instead of using the channel's owner

What to do

  • Add documentation comments in setup.rs explaining that channel bot tokens are instance-level secrets, correctly looked up under config.owner_id
  • Fix wrapper.rs:~1049 — remove "default" fallback, use owner_scope_id consistently
  • Fix wrapper.rs:~3130 — pass the channel's owner through to resolve_websocket_identify_message() instead of hardcoding "default"
  • Add test: channel wrapper uses its configured owner, not a hardcoded default

Files

  • src/channels/wasm/setup.rs — channel secret lookup (document, don't change)
  • src/channels/wasm/wrapper.rs — runtime secret fallbacks (fix)

Related

  • Overlaps with WASM credential fallback issue (MT-2) for the wrapper.rs fixes
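
The failure mode described in this issue, as an added example that is not the project's code: a simplified in-memory store stands in for the real secrets store. `SecretsStore`, `ChannelWrapper`, the two `identify_token_*` methods, the `bot_token` secret name and the owner ids are hypothetical; only the `get_decrypted(owner, name)` call shape and `owner_scope_id` come from the issue text.

```rust
use std::collections::HashMap;

// Simplified stand-in for the secrets store: (owner scope, secret name) -> value.
struct SecretsStore {
    entries: HashMap<(String, String), String>,
}

impl SecretsStore {
    fn put(&mut self, owner: &str, name: &str, value: &str) {
        self.entries.insert((owner.to_string(), name.to_string()), value.to_string());
    }
    // Mirrors the shape of the get_decrypted(owner, name) calls cited in the issue.
    fn get_decrypted(&self, owner: &str, name: &str) -> Option<&str> {
        self.entries.get(&(owner.to_string(), name.to_string())).map(String::as_str)
    }
}

// Hypothetical wrapper that carries the channel's owner scope.
struct ChannelWrapper {
    owner_scope_id: String,
}

impl ChannelWrapper {
    // The pattern the issue flags: the lookup ignores the channel's owner.
    fn identify_token_hardcoded<'a>(&self, secrets: &'a SecretsStore) -> Option<&'a str> {
        secrets.get_decrypted("default", "bot_token")
    }
    // The requested behaviour: the owner is passed through, with no fallback scope.
    fn identify_token_scoped<'a>(&self, secrets: &'a SecretsStore) -> Option<&'a str> {
        secrets.get_decrypted(&self.owner_scope_id, "bot_token")
    }
}

// Constructed sample data: two owner scopes holding a secret of the same name.
fn sample_store() -> SecretsStore {
    let mut s = SecretsStore { entries: HashMap::new() };
    s.put("default", "bot_token", "token-of-default-scope");
    s.put("operator-1", "bot_token", "token-of-operator-1");
    s
}

fn main() {
    let secrets = sample_store();
    let ch = ChannelWrapper { owner_scope_id: "operator-1".to_string() };
    println!("hardcoded: {:?}", ch.identify_token_hardcoded(&secrets));
    println!("scoped:    {:?}", ch.identify_token_scoped(&secrets));
}
```

A regression test of the kind the issue asks for asserts that the scoped lookup returns the configured owner's secret and returns nothing, rather than another scope's value, when that owner has no secret stored.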

Labels

  • ownership: Ownership model & multi-tenancy isolation
  • scope: channel/wasm: WASM channel runtime
  • scope: secrets: Secrets management
  • suggested_P2: Issue Creator Suggests Priority 2