fix: reset models.Setting struct to prevent ID leakage in queries

- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries.
- Introduced new functions in Cerberus for checking admin authentication and admin whitelist status.
- Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted.
- Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting.
- Created a new utility for checking if an IP is in a CIDR list.
- Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns.
- Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.

backend/internal/api/middleware/auth_test.go

@@ -41,6 +41,29 @@ func TestAuthMiddleware_MissingHeader(t *testing.T) {
 	assert.Contains(t, w.Body.String(), "Authorization header required")
 }
 
+func TestAuthMiddleware_EmergencyBypass(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+	r := gin.New()
+	r.Use(func(c *gin.Context) {
+		c.Set("emergency_bypass", true)
+		c.Next()
+	})
+	r.Use(AuthMiddleware(nil))
+	r.GET("/test", func(c *gin.Context) {
+		role, _ := c.Get("role")
+		userID, _ := c.Get("userID")
+		assert.Equal(t, "admin", role)
+		assert.Equal(t, uint(0), userID)
+		c.Status(http.StatusOK)
+	})
+
+	req, _ := http.NewRequest("GET", "/test", http.NoBody)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusOK, w.Code)
+}
+
 func TestRequireRole_Success(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	r := gin.New()