fix: restore PATCH endpoints used by E2E + emergency-token fallback

register PATCH /api/v1/settings and PATCH /api/v1/security/acl (E2E expectations)
add emergency-token-aware shortcut handlers (validate X-Emergency-Token → set admin context → invoke handler)
preserve existing POST handlers and backward compatibility
rebuild & redeploy E2E image, verified backend build success
Why: unblocked failing Playwright E2E tests that returned 404s and were blocking the hotfix release

docs/getting-started.md

@@ -149,6 +149,94 @@ docker restart charon
 CrowdSec will automatically start if it was previously enabled. The reconciliation function runs at startup and checks:
 
 1. **SecurityConfig table** for `crowdsec_mode = "local"`
+
+---
+
+## Step 1.8: Emergency Token Configuration (Development & E2E Tests)
+
+The emergency token is a security feature that allows bypassing all security modules in emergency situations (e.g., lockout scenarios). It is **required for E2E test execution** and recommended for development environments.
+
+### Purpose
+
+- **Emergency Access**: Bypass ACL, WAF, or other security modules when locked out
+- **E2E Testing**: Required for running Playwright E2E tests
+- **Audit Logged**: All uses are logged for security accountability
+
+### Generation
+
+Choose your platform:
+
+**Linux/macOS (recommended):**
+```bash
+openssl rand -hex 32
+```
+
+**Windows PowerShell:**
+```powershell
+[Convert]::ToBase64String([System.Security.Cryptography.RandomNumberGenerator]::GetBytes(32))
+```
+
+**Node.js (all platforms):**
+```bash
+node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+```
+
+### Local Development
+
+Add to `.env` file in project root:
+
+```bash
+CHARON_EMERGENCY_TOKEN=<paste_64_character_token_here>
+```
+
+**Example:**
+```bash
+CHARON_EMERGENCY_TOKEN=7b3b8a36a6fad839f1b3122131ed4b1f05453118a91b53346482415796e740e2
+```
+
+**Verify:**
+```bash
+# Token should be exactly 64 characters
+echo -n "$(grep CHARON_EMERGENCY_TOKEN .env | cut -d= -f2)" | wc -c
+```
+
+### CI/CD (GitHub Actions)
+
+For continuous integration, store the token in GitHub Secrets:
+
+1. Navigate to: **Repository Settings → Secrets and Variables → Actions**
+2. Click **"New repository secret"**
+3. **Name:** `CHARON_EMERGENCY_TOKEN`
+4. **Value:** Generate with one of the methods above
+5. Click **"Add secret"**
+
+📖 **Detailed Instructions:** See [GitHub Setup Guide](github-setup.md)
+
+### Rotation Schedule
+
+- **Recommended:** Rotate quarterly (every 3 months)
+- **Required:** After suspected compromise or team member departure
+- **Process:**
+  1. Generate new token
+  2. Update `.env` (local) and GitHub Secrets (CI/CD)
+  3. Restart services
+  4. Verify with E2E tests
+
+### Security Best Practices
+
+✅ **DO:**
+- Generate tokens using cryptographically secure methods
+- Store in `.env` (gitignored) or secrets management
+- Rotate quarterly or after security events
+- Use minimum 64 characters
+
+❌ **DON'T:**
+- Commit tokens to repository (even in examples)
+- Share tokens via email or chat
+- Use weak or predictable values
+- Reuse tokens across environments
+
+---
 2. **Settings table** for `security.crowdsec.enabled = "true"`
 3. **Starts CrowdSec** if either condition is true