Enhance Telegram bot functionality and improve error handling

- Introduced a new function to set the default menu button for the Telegram bot's Web App.
- Updated the initData validation process to provide detailed error messages for authorization failures.
- Refactored the validate_init_data function to return both username and reason for validation failure.
- Enhanced the web application to handle access denial more gracefully, providing users with hints on how to access the calendar.
- Improved the README with additional instructions for configuring the bot's menu button and Web App URL.
- Updated tests to reflect changes in the validation process and error handling.

api/test_app.py

@@ -53,22 +53,23 @@ def test_duties_200_when_skip_auth(mock_fetch, client):
     mock_fetch.assert_called_once_with("2025-01-01", "2025-01-31")
 
 
-@patch("api.app.validate_init_data")
+@patch("api.app.validate_init_data_with_reason")
 def test_duties_403_when_init_data_invalid(mock_validate, client):
-    mock_validate.return_value = None
+    mock_validate.return_value = (None, "hash_mismatch")
     r = client.get(
         "/api/duties",
         params={"from": "2025-01-01", "to": "2025-01-31"},
         headers={"X-Telegram-Init-Data": "some=data&hash=abc"},
     )
     assert r.status_code == 403
-    assert "авторизации" in r.json()["detail"] or "Неверные" in r.json()["detail"]
+    detail = r.json()["detail"]
+    assert "авторизации" in detail or "Неверные" in detail or "Неверная" in detail
 
 
-@patch("api.app.validate_init_data")
+@patch("api.app.validate_init_data_with_reason")
 @patch("api.app.config.can_access_miniapp")
 def test_duties_403_when_username_not_allowed(mock_can_access, mock_validate, client):
-    mock_validate.return_value = "someuser"
+    mock_validate.return_value = ("someuser", "ok")
     mock_can_access.return_value = False
     with patch("api.app._fetch_duties_response") as mock_fetch:
         r = client.get(
@@ -81,10 +82,10 @@ def test_duties_403_when_username_not_allowed(mock_can_access, mock_validate, cl
     mock_fetch.assert_not_called()
 
 
-@patch("api.app.validate_init_data")
+@patch("api.app.validate_init_data_with_reason")
 @patch("api.app.config.can_access_miniapp")
 def test_duties_200_with_allowed_user(mock_can_access, mock_validate, client):
-    mock_validate.return_value = "alloweduser"
+    mock_validate.return_value = ("alloweduser", "ok")
     mock_can_access.return_value = True
     with patch("api.app._fetch_duties_response") as mock_fetch:
         mock_fetch.return_value = [
@@ -108,7 +109,7 @@ def test_duties_200_with_allowed_user(mock_can_access, mock_validate, client):
 
 
 def test_duties_e2e_auth_real_validation(client, monkeypatch):
-    """E2E: valid initData + allowlist, no mocks on validate_init_data; full auth path."""
+    """E2E: valid initData + allowlist, no mocks on validate_init_data_with_reason; full auth path."""
     test_token = "123:ABC"
     test_username = "e2euser"
     monkeypatch.setattr(config, "BOT_TOKEN", test_token)