refactor: comprehensive code review fixes and security hardening

Security:
- Add CSP headers for HTML reports (style-src 'unsafe-inline')
- Restrict origin validation to specific .kappa-d8e.workers.dev domain
- Add base64 size limit (100KB) for report data parameter
- Implement rejection sampling for unbiased password generation
- Add SQL LIKE pattern escaping for tech specs query
- Add security warning for plaintext password storage (TODO: encrypt)

Performance:
- Add Telegram API timeout (10s) with AbortController
- Fix rate limiter sorting by resetTime for proper cleanup
- Use centralized TIMEOUTS config for VPS provider APIs

Features:
- Add admin SSH key support for server recovery access
  - ADMIN_SSH_PUBLIC_KEY for Linode (public key string)
  - ADMIN_SSH_KEY_ID_VULTR for Vultr (pre-registered key ID)
- Add origin validation middleware
- Add idempotency key migration

Code Quality:
- Return 404 status when no servers found
- Consolidate error logging to single JSON.stringify call
- Import TECH_CATEGORY_WEIGHTS from config.ts
- Add escapeLikePattern utility function

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
kappa
2026-01-29 11:36:08 +09:00
parent d41f1ee841
commit 5319bf3e4c
27 changed files with 965 additions and 530 deletions

@@ -0,0 +1,17 @@
-- Migration: Add idempotency_key column to server_orders table
-- Purpose: Prevent duplicate order creation on Queue retry
-- Date: 2026-01-28
-- Note: This migration should be run on telegram-conversations database (USER_DB)
-- SQLite doesn't allow adding UNIQUE column directly, so we add column + UNIQUE INDEX
-- Step 1: Add idempotency_key column (without UNIQUE constraint)
ALTER TABLE server_orders ADD COLUMN idempotency_key TEXT;
-- Step 2: Create UNIQUE index (this enforces uniqueness for non-NULL values)
CREATE UNIQUE INDEX IF NOT EXISTS idx_server_orders_idempotency_unique
ON server_orders(idempotency_key)
WHERE idempotency_key IS NOT NULL;
-- Verification query (run after migration):
-- SELECT name, sql FROM sqlite_master WHERE type='index' AND tbl_name='server_orders' AND name LIKE '%idempotency%';
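Review bot: Step 1's `ALTER TABLE server_orders ADD COLUMN idempotency_key TEXT;` has no guard, so this migration is only half re-runnable: the index in Step 2 uses `IF NOT EXISTS`, but a second run stops at Step 1 with a duplicate-column error. SQLite has no `ADD COLUMN IF NOT EXISTS`, so either state in the header comment that the file must be applied exactly once, or have the migration runner record it as applied before it can be retried. Two smaller points on Step 2: SQLite already treats NULLs as distinct in a UNIQUE index, so the `WHERE idempotency_key IS NOT NULL` clause is not what permits multiple NULL rows (it only keeps them out of the index), and the comment on that line could say so. And if the insert path relies on `ON CONFLICT(idempotency_key)`, the conflict target has to repeat that same `WHERE` clause to match a partial index, which is worth noting next to the verification query. Rows created before this migration keep a NULL key and get no duplicate protection on retry; the "Purpose" line should mention that if it is intended.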