
fix: security audit — admin auth bypass, credential logging, path traversal, weak nonce, unsafe CSP #3134

Open. Vucius wants to merge 7 commits into lbjlaq:main from Vucius:xxx_pr_branch

Vucius (Contributor) commented May 24, 2026

Summary

This PR fixes five security issues found during static and logic review:

  • Admin API authentication bypass when proxy auth mode is Off
  • Plaintext credential logging in headless mode
  • Path traversal / arbitrary file access in text file commands
  • AES-GCM encryption using a fixed nonce
  • Tauri CSP allowing unsafe-eval

It also updates GitHub Actions so upstream PR validation can run without private signing secrets and without blocking on existing Clippy warnings.

Most Rust files in the diff were touched by cargo fmt so the upstream cargo fmt -- --check job passes. The security-relevant logic changes are concentrated in:

  • src-tauri/src/proxy/middleware/auth.rs
  • src-tauri/src/lib.rs
  • src-tauri/src/commands/mod.rs
  • src-tauri/src/utils/crypto.rs
  • src-tauri/tauri.conf.json
  • .github/workflows/*.yml

Changes

1. Admin interface no longer bypasses authentication when auth_mode=Off

File: src-tauri/src/proxy/middleware/auth.rs

The admin branch of the shared auth middleware previously honored ProxyAuthMode::Off, allowing /api/* management endpoints to bypass authentication.

The force_strict=true path now always requires admin authentication except for health check endpoints. Admin password is checked first, falling back to api_key when no dedicated admin password is configured.

2. Headless mode no longer logs plaintext credentials

File: src-tauri/src/lib.rs

Headless startup logs previously printed config.proxy.api_key and config.proxy.admin_password directly.

This PR adds credential_state(value) and logs only whether credentials are set:

Current API Key: set
Web UI Password: set
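
Added example, not part of the PR or of the comment above: a Rust sketch of the behavior described in changes 1 and 2, showing that the admin (`force_strict`) path ignores `ProxyAuthMode::Off` and that logs carry only whether a credential is set. The `Strict` variant, `AuthConfig`, `authorize`, `ct_eq`, the `/healthz` and `/api/accounts` paths, the fail-closed rule for empty secrets and the "not set" wording are assumptions of this sketch.

```rust
// Added illustration, not the PR's code. Only ProxyAuthMode::Off, force_strict,
// api_key, admin_password and credential_state are names taken from the PR text;
// everything else here is hypothetical.
#[derive(Clone, Copy, PartialEq)]
pub enum ProxyAuthMode { Off, Strict }

pub struct AuthConfig<'a> {
    pub auth_mode: ProxyAuthMode,
    pub api_key: &'a str,
    pub admin_password: Option<&'a str>,
}

/// Length-checked comparison without an early exit on the first mismatch.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Returns true when the request may proceed.
pub fn authorize(cfg: &AuthConfig, path: &str, presented: Option<&str>, force_strict: bool) -> bool {
    if path == "/healthz" {
        return true; // health checks stay unauthenticated (path is assumed)
    }
    // Only the non-admin (proxy) branch may honor auth_mode = Off.
    if !force_strict && cfg.auth_mode == ProxyAuthMode::Off {
        return true;
    }
    // Admin branch: dedicated admin password first, api_key as fallback.
    let expected = match cfg.admin_password {
        Some(p) if force_strict && !p.is_empty() => p,
        _ => cfg.api_key,
    };
    // Fail closed when no secret is configured (assumption of this sketch).
    !expected.is_empty() && presented.map_or(false, |t| ct_eq(t.as_bytes(), expected.as_bytes()))
}

/// Log-safe description of a credential; the "not set" wording is assumed.
pub fn credential_state(value: &str) -> &'static str {
    if value.trim().is_empty() { "not set" } else { "set" }
}

fn main() {
    // Constructed sample values.
    let cfg = AuthConfig { auth_mode: ProxyAuthMode::Off, api_key: "sk-test", admin_password: None };
    println!("admin /api/accounts without token: {}", authorize(&cfg, "/api/accounts", None, true));
    println!("Current API Key: {}", credential_state(cfg.api_key));
}
```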
