feat(security): implement self-lockout protection and admin whitelist

- Added SecurityConfig model to manage Cerberus settings including admin whitelist and break-glass token.
- Introduced SecurityService for handling security configurations and token generation.
- Updated Manager to check for admin whitelist before applying configurations to prevent accidental lockouts.
- Enhanced frontend with hooks and API calls for managing security settings and generating break-glass tokens.
- Updated documentation to include self-lockout protection measures and best practices for using Cerberus.

frontend/src/api/security.ts

@@ -24,3 +24,38 @@ export const getSecurityStatus = async (): Promise<SecurityStatus> => {
   const response = await client.get<SecurityStatus>('/security/status')
   return response.data
 }
+
+export interface SecurityConfigPayload {
+  name?: string
+  enabled?: boolean
+  admin_whitelist?: string
+  crowdsec_mode?: string
+  waf_mode?: string
+  rate_limit_enable?: boolean
+  rate_limit_burst?: number
+}
+
+export const getSecurityConfig = async () => {
+  const response = await client.get('/security/config')
+  return response.data
+}
+
+export const updateSecurityConfig = async (payload: SecurityConfigPayload) => {
+  const response = await client.post('/security/config', payload)
+  return response.data
+}
+
+export const generateBreakGlassToken = async () => {
+  const response = await client.post('/security/breakglass/generate')
+  return response.data
+}
+
+export const enableCerberus = async (payload?: any) => {
+  const response = await client.post('/security/enable', payload || {})
+  return response.data
+}
+
+export const disableCerberus = async (payload?: any) => {
+  const response = await client.post('/security/disable', payload || {})
+  return response.data
+}