feat: add comprehensive REST API with token auth, OpenAPI docs, and full test coverage

- API token model (SHA-256 hashed, debounced lastUsedAt) with Bearer auth
- Dual auth middleware (session + API token) in src/lib/api-auth.ts
- 23 REST endpoints under /api/v1/ covering all functionality:
  tokens, proxy-hosts, l4-proxy-hosts, certificates, ca-certificates,
  client-certificates, access-lists, settings, instances, users,
  audit-log, caddy/apply
- OpenAPI 3.1 spec at /api/v1/openapi.json with fully typed schemas
- Swagger UI docs page at /api-docs in the dashboard
- API token management integrated into the Profile page
- Fix: next build now works under Node.js (bun:sqlite aliased to better-sqlite3)
- 89 new API route unit tests + 11 integration tests (592 total)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app/api/v1/proxy-hosts/route.ts

@@ -0,0 +1,24 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireApiAdmin, apiErrorResponse } from "@/src/lib/api-auth";
+import { listProxyHosts, createProxyHost } from "@/src/lib/models/proxy-hosts";
+
+export async function GET(request: NextRequest) {
+  try {
+    await requireApiAdmin(request);
+    const hosts = await listProxyHosts();
+    return NextResponse.json(hosts);
+  } catch (error) {
+    return apiErrorResponse(error);
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const { userId } = await requireApiAdmin(request);
+    const body = await request.json();
+    const host = await createProxyHost(body, userId);
+    return NextResponse.json(host, { status: 201 });
+  } catch (error) {
+    return apiErrorResponse(error);
+  }
+}