Address code review feedback: use dedicated executor, improve logging, add security notes

Co-authored-by: funkemunky <30784509+funkemunky@users.noreply.github.com>

Common/Source/src/main/java/dev/brighten/antivpn/api/VPNConfig.java

@@ -294,6 +294,8 @@ public class VPNConfig {
 
     /**
      * The authentication token to use for webhook requests.
+     * Note: Token is stored in memory as plaintext. Ensure proper file system
+     * permissions are set on config.yml to protect sensitive authentication tokens.
      * @return String
      */
     public String webhookAuthToken() {

Common/Source/src/main/java/dev/brighten/antivpn/webhook/WebhookNotifier.java

@@ -44,7 +44,7 @@ public class WebhookNotifier {
             } catch (Exception e) {
                 AntiVPN.getInstance().getExecutor().logException("Failed to send webhook notification", e);
             }
-        });
+        }, dev.brighten.antivpn.api.VPNExecutor.threadExecutor);
     }
 
     /**
@@ -91,7 +91,7 @@ public class WebhookNotifier {
             // Check response
             int responseCode = connection.getResponseCode();
             if (responseCode >= 200 && responseCode < 300) {
-                AntiVPN.getInstance().getExecutor().log(Level.FINE, 
+                AntiVPN.getInstance().getExecutor().log(Level.INFO, 
                     "Successfully sent webhook notification for player %s (response: %d)", 
                     player.getName(), responseCode);
             } else {

Common/Source/src/main/resources/config.yml

@@ -49,6 +49,7 @@ webhooks:
   # Optional: Set to true to include authentication header (Authorization: Bearer <token>)
   useAuthentication: false
   # The authentication token to use when useAuthentication is true
+  # Security Note: Token is stored in plaintext. Ensure proper file permissions on this file.
   authToken: ''
   # Timeout in seconds for webhook requests (default: 5)
   timeout: 5