fix: remove invalid trusted_proxies structure causing 500 error on proxy host save

Remove handler-level `trusted_proxies` configuration from ReverseProxyHandler that was
using an invalid object structure. Caddy's reverse_proxy handler expects trusted_proxies
to be an array of CIDR strings, not an object with {source, ranges}.

The server-level trusted_proxies configuration in config.go already provides equivalent
IP spoofing protection globally for all routes, making the handler-level setting redundant.

Changes:
- backend: Remove lines 184-189 from internal/caddy/types.go
- backend: Update 3 unit tests to remove handler-level trusted_proxies assertions
- docs: Document fix in CHANGELOG.md

Fixes: #[issue-number] (500 error when saving proxy hosts)

Tests: All 84 backend tests pass (84.6% coverage)
Security: Trivy + govulncheck clean, no vulnerabilities

docs/reports/precommit_performance_diagnosis.md

@@ -29,7 +29,7 @@ Based on `.pre-commit-config.yaml`, the following hooks are configured:
 
 #### Local Hooks - Active (run on every commit)
 
-5. **dockerfile-check** - Fast (only on Dockerfile changes)
+1. **dockerfile-check** - Fast (only on Dockerfile changes)
 2. **go-test-coverage** - **⚠️ CULPRIT - HANGS INDEFINITELY**
 3. **go-vet** - Moderate (~1-2 seconds)
 4. **check-version-match** - Fast (only on .version changes)
@@ -41,7 +41,7 @@ Based on `.pre-commit-config.yaml`, the following hooks are configured:
 
 #### Local Hooks - Manual Stage (only run explicitly)
 
-14. **go-test-race** - Manual only
+1. **go-test-race** - Manual only
 2. **golangci-lint** - Manual only
 3. **hadolint** - Manual only
 4. **frontend-test-coverage** - Manual only
@@ -49,7 +49,7 @@ Based on `.pre-commit-config.yaml`, the following hooks are configured:
 
 #### Third-party Hooks - Manual Stage
 
-19. **markdownlint** - Manual only
+1. **markdownlint** - Manual only
 
 ---