fix: require auth for geoip-status endpoint

Remove /api/geoip-status from the middleware public routes allowlist so
unauthenticated requests are rejected before reaching the route handler.
The route handler already has requireUser() for defense-in-depth.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

proxy.ts

@@ -18,7 +18,6 @@ export default auth((req) => {
     pathname === "/login" ||
     pathname.startsWith("/api/auth") ||
     pathname === "/api/health" ||
-    pathname === "/api/geoip-status" ||
     pathname === "/api/instances/sync"
   ) {
     return NextResponse.next();