fix: reset models.Setting struct to prevent ID leakage in queries

- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries.
- Introduced new functions in Cerberus for checking admin authentication and admin whitelist status.
- Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted.
- Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting.
- Created a new utility for checking if an IP is in a CIDR list.
- Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns.
- Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.

README.md

@@ -280,6 +280,16 @@ docker run -d \
 
 **Install golangci-lint** (for contributors): `go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest`
 
+**GORM Security Scanner:** Charon includes an automated security scanner that detects GORM vulnerabilities (ID leaks, exposed secrets, DTO embedding issues). Run it via:
+
+```bash
+# VS Code: Command Palette → "Lint: GORM Security Scan"
+# Or via pre-commit:
+pre-commit run --hook-stage manual gorm-security-scan --all-files
+```
+
+See [GORM Security Scanner Documentation](docs/implementation/gorm_security_scanner_complete.md) for details.
+
 See [CONTRIBUTING.md](CONTRIBUTING.md) for complete development environment setup.
 
 **Note:** GitHub Actions CI uses `GOTOOLCHAIN: auto` to automatically download and use Go 1.25.6, even if your system has an older version installed. For local development, ensure you have Go 1.25.6+ installed.