Security hardening: fix RCE, auth and SSRF issues

Critical:
- backup: prevent Zip Slip path traversal and zip bombs in restore/convert
  via safe_extract(); serialize get_backup() with backup_lock and always
  restore CWD so concurrent requests can't corrupt the os.chdir state
- app: only enable the Werkzeug debugger/reloader when ENVIRONMENT=dev;
  always init rate limits (also under WSGI), not just under __main__
- apikey: fix create_key never committing (session.commit -> commit()),
  validate roles against an allowlist, and fix revoke_key/update_last_used
  operating on detached instances so revocation actually persists
- env_provider: redact DB_PASSWORD and SESSION_SECRET_KEY in summerize()

High:
- markdown: filter private/protected docs for non-admins in the listing,
  get_home, get_index and search endpoints (was an anonymous data leak);
  escape LIKE metacharacters and cap search results
- webhooks: validate target URL to block SSRF (loopback/private/link-local/
  metadata IPs), disable redirects, safely parse additional_header
- auth: validate JWT issuer and require exp/iat; add timeout to JWKS fetch;
  harden Authorization header parsing against malformed values
- log: require admin for GET /api/log and auth for POST; bound entry size

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

app.py

@@ -53,8 +53,12 @@ def log_request():
     logger.info(f"Request received: {request.method} {request.path} from {request.remote_addr}")
 
 
+api.init_rate_limits(app)
+
 if __name__ == '__main__':
-    api.init_rate_limits(app)
     print("env")
     pprint(env_provider.summerize())
-    app.run(host='0.0.0.0', port=5000, debug=True, use_reloader=True)
+    # The Werkzeug debugger allows remote code execution. Only enable it in
+    # an explicit dev environment, never in the published production image.
+    is_dev = env_provider.ENVIRONMENT == "dev"
+    app.run(host='0.0.0.0', port=5000, debug=is_dev, use_reloader=is_dev)