Ability to increase any customer offered fare (BAC)
Medium
Bykea
Team Summary
Official summary from Bykea
A business logic flaw was discovered by @grassye that allowed a malicious passenger or driver (acting as a passenger) to increase the fare of another customer's ride without their involvement. By chaining two unauthenticated endpoints, `GET /v1/config?trip_id=XXX` to generate a hash and `PUT /v1/bidding` to place a forged bid, an attacker could cause an inflated fare to appear on the driver's screen. Although the impacted passenger retains the ability to cancel, this behavior undermines trust, introduces potential for conflict, and highlights a lack of authorization checks in the backend logic.
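As an added example, not part of this report and not Bykea's code: a constructed Python model of the authorization gap the summary describes. The handler functions, the HMAC-based hash, the server secret and the trip/session data are all assumptions made for illustration. The vulnerable pair trusts anyone who supplies a `trip_id`, so an unauthenticated caller can fetch the hash and overwrite another passenger's fare; the hardened pair authenticates the caller, checks that the session owns the trip on both calls, and binds the hash to that passenger so a minted token cannot be replayed from another account.

```python
"""Constructed model of the missing-authorization flaw described above.
Not Bykea's code: the handlers, the HMAC hash, the server secret and the
Trip/Session data model are assumptions made for illustration."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

SERVER_SECRET = b"constructed-server-secret"  # assumed server-side key


@dataclass
class Trip:
    trip_id: str
    passenger_id: str  # the customer who offered the fare
    fare: int          # offered fare in minor currency units


@dataclass
class Session:
    user_id: Optional[str]  # None models an unauthenticated caller


class UnauthorizedError(Exception):
    pass


# --- vulnerable pair: GET /v1/config?trip_id=... then PUT /v1/bidding ---

def vulnerable_get_config(trips: Dict[str, Trip], trip_id: str, session: Session) -> str:
    """Hands out a bid hash for ANY trip_id; the caller's identity is never read."""
    trip = trips[trip_id]
    return hmac.new(SERVER_SECRET, trip.trip_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_put_bidding(trips: Dict[str, Trip], trip_id: str, amount: int,
                           bid_hash: str, session: Session) -> int:
    """Accepts any bid whose hash matches the trip; nobody checks who is bidding."""
    trip = trips[trip_id]
    expected = hmac.new(SERVER_SECRET, trip.trip_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bid_hash):
        raise ValueError("bad hash")
    trip.fare = amount  # attacker-chosen fare is what the driver now sees
    return trip.fare


# --- hardened pair: authenticate, check ownership, bind the hash to the user ---

def _bid_token(trip: Trip, user_id: str) -> str:
    """Hash covers trip AND passenger, so another user cannot reuse it."""
    msg = f"{trip.trip_id}:{user_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def _require_owner(trip: Trip, session: Session) -> None:
    if session.user_id is None:
        raise UnauthorizedError("authentication required")
    if session.user_id != trip.passenger_id:
        raise UnauthorizedError("trip belongs to another passenger")


def hardened_get_config(trips: Dict[str, Trip], trip_id: str, session: Session) -> str:
    trip = trips[trip_id]
    _require_owner(trip, session)
    return _bid_token(trip, session.user_id)


def hardened_put_bidding(trips: Dict[str, Trip], trip_id: str, amount: int,
                         bid_hash: str, session: Session) -> int:
    trip = trips[trip_id]
    _require_owner(trip, session)  # the object-level check the report says was missing
    if not hmac.compare_digest(_bid_token(trip, session.user_id), bid_hash):
        raise UnauthorizedError("bid token does not match this trip and passenger")
    if amount <= 0:
        raise ValueError("fare must be positive")
    trip.fare = amount
    return trip.fare


def demo() -> dict:
    """Runs the forged-bid chain against both pairs and returns what happened."""
    def fresh() -> Dict[str, Trip]:
        return {"trip-1": Trip("trip-1", passenger_id="victim", fare=500)}

    attacker = Session(user_id=None)  # unauthenticated, as in the report
    owner = Session(user_id="victim")

    trips = fresh()
    h = vulnerable_get_config(trips, "trip-1", attacker)
    vulnerable_fare = vulnerable_put_bidding(trips, "trip-1", 5000, h, attacker)

    trips = fresh()
    attacker_blocked = False
    try:
        hardened_get_config(trips, "trip-1", attacker)
    except UnauthorizedError:
        attacker_blocked = True
    token = hardened_get_config(trips, "trip-1", owner)
    try:  # a token minted for the owner is useless from another account
        hardened_put_bidding(trips, "trip-1", 5000, token, Session("someone-else"))
    except UnauthorizedError:
        pass
    hardened_fare = hardened_put_bidding(trips, "trip-1", 450, token, owner)
    return {"vulnerable_fare": vulnerable_fare,
            "attacker_blocked": attacker_blocked,
            "hardened_fare": hardened_fare}


if __name__ == "__main__":
    print(demo())
```

The check that matters is `_require_owner` on the bidding call: a hash that only proves "the server issued this for trip X" is not an authorization decision, and verifying it does not tell the backend whether the caller is allowed to change that trip's fare. Binding the token to the passenger is a defence in depth on top of that check, not a replacement for it.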
Reported by
grassye
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Insecure Direct Object Reference (IDOR)