fix(discord): close the open door — guild messages now check who's knocking

Anyone in a shared server could reach me regardless of allowedUsers. Guild
messages were always bypassing the access check — pairing-era scaffolding
that never got cleaned up when we moved to allowlist policy.

Guild messages now run through the same check as DMs. Blocked users are
silently dropped in channels. Pairing flows stay DM-only.

[in testing — self-hosted, Discord adapter]

src/channels/discord.ts

@@ -249,20 +249,28 @@ Ask the bot owner to approve with:
       const userId = message.author?.id;
       if (!userId) return;
 
-      // Bypass pairing for guild (group) messages
+      // Access check applies to both DMs and guild messages.
-      if (!message.guildId) {
+      // Guild messages previously bypassed this entirely — that allowed anyone
+      // in a shared server to reach the bot regardless of allowedUsers.
       const access = await this.checkAccess(userId);
       if (access === 'blocked') {
+        if (!message.guildId) {
+          // Only reply in DMs — silently drop in guild channels to avoid noise
           const ch = message.channel;
           if (ch.isTextBased() && 'send' in ch) {
             await (ch as { send: (content: string) => Promise<unknown> }).send(
               "Sorry, you're not authorized to use this bot."
             );
           }
+        }
         return;
       }
 
       if (access === 'pairing') {
+        if (message.guildId) {
+          // Don't start pairing flows in guild channels — DM only
+          return;
+        }
         const { code, created } = await upsertPairingRequest('discord', userId, {
           username: message.author.username,
         });
@@ -279,7 +287,6 @@ Ask the bot owner to approve with:
         await this.sendPairingMessage(message, this.formatPairingMsg(code));
         return;
       }
-      }
 
       if (content.startsWith('/')) {
         const parts = content.slice(1).split(/\s+/);