server: don't reject Telegram updates with unknown fields

DisallowUnknownFields rejected real Telegram payloads (entities, from,
date, etc. that our minimal structs don't cover). Lenient decode is the
right default for an upstream webhook we don't control.

server.go

@@ -59,9 +59,10 @@ func (s *Server) botWebhook(w http.ResponseWriter, r *http.Request) {
 	}
 
 	var update Update
-	dec := json.NewDecoder(r.Body)
-	dec.DisallowUnknownFields()
-	if err := dec.Decode(&update); err != nil {
+	// NOTE: pas de DisallowUnknownFields — Telegram ajoute des champs
+	// (entities, sticker, photo, forum_topic…) au fil du temps. On reste
+	// tolérant et on n'extrait que ce dont on a besoin.
+	if err := json.NewDecoder(r.Body).Decode(&update); err != nil {
 		http.Error(w, "bad update payload", http.StatusBadRequest)
 		return
 	}