Security hardening: fix SQL injection, WAF bypass, placeholder injection, and more

- C1: Replace all ClickHouse string interpolation with parameterized queries
  (query_params) to eliminate SQL injection in analytics endpoints
- C3: Strip Caddy placeholder patterns from redirect rules, protected paths,
  and Authentik auth endpoint to prevent config injection
- C4: Replace WAF custom directive blocklist with allowlist approach — only
  SecRule/SecAction/SecMarker/SecDefaultAction permitted; block ctl:ruleEngine
  and Include directives
- H2: Validate GCM authentication tag is exactly 16 bytes before decryption
- H3: Validate forward auth redirect URIs (scheme, no credentials) to prevent
  open redirects
- H4: Switch 11 analytics/WAF/geoip endpoints from session-only requireAdmin
  to requireApiAdmin supporting both Bearer token and session auth
- H5: Add input validation for instance-mode (whitelist) and sync-token
  (32-char minimum) in settings API
- M1: Add non-root user to l4-port-manager Dockerfile
- M5: Document Caddy admin API binding security rationale
- Document C2 (custom config injection) and H1 (SSRF via upstreams) as
  intentional admin features

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docker/caddy/Caddyfile

@@ -1,4 +1,7 @@
 {
+	# Bound to 0.0.0.0 within the Docker network so the web container can reach it.
+	# Port 2019 must NOT be published to the host in docker-compose.yml.
+	# The origins directive restricts which Host header values are accepted.
 	admin 0.0.0.0:2019 {
 		origins caddy:2019 localhost:2019 localhost
 	}

docker/l4-port-manager/Dockerfile

@@ -6,4 +6,7 @@ RUN apk add --no-cache bash
 COPY docker/l4-port-manager/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
+RUN addgroup -g 1001 -S appgroup && adduser -u 1001 -S appuser -G appgroup
+USER appuser
+
 ENTRYPOINT ["/entrypoint.sh"]