feat(security): implement AES-256-GCM encryption for API keys and HMAC-signed session tokens

This commit introduces:
- AES-256-GCM encryption for LLM provider API keys in the database.
- HMAC-SHA256 signed session tokens with activity-based refresh logic.
- Standardized frontend XSS protection using a global escapeHtml utility.
- Hardened security headers and request body size limits.
- Improved database integrity with foreign key enforcement and atomic transactions.
- Integration tests for the full encrypted key storage and proxy usage lifecycle.

src/server/mod.rs

@@ -5,6 +5,11 @@ use axum::{
     response::sse::{Event, Sse},
     routing::{get, post},
 };
+use axum::http::{header, HeaderValue};
+use tower_http::{
+    limit::RequestBodyLimitLayer,
+    set_header::SetResponseHeaderLayer,
+};
 
 use futures::StreamExt;
 use std::sync::Arc;
@@ -23,9 +28,34 @@ use crate::{
 };
 
 pub fn router(state: AppState) -> Router {
+    // Security headers
+    let csp_header: SetResponseHeaderLayer<HeaderValue> = SetResponseHeaderLayer::overriding(
+        header::CONTENT_SECURITY_POLICY,
+        "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' ws:;"
+            .parse()
+            .unwrap(),
+    );
+    let x_frame_options: SetResponseHeaderLayer<HeaderValue> = SetResponseHeaderLayer::overriding(
+        header::X_FRAME_OPTIONS,
+        "DENY".parse().unwrap(),
+    );
+    let x_content_type_options: SetResponseHeaderLayer<HeaderValue> = SetResponseHeaderLayer::overriding(
+        header::X_CONTENT_TYPE_OPTIONS,
+        "nosniff".parse().unwrap(),
+    );
+    let strict_transport_security: SetResponseHeaderLayer<HeaderValue> = SetResponseHeaderLayer::overriding(
+        header::STRICT_TRANSPORT_SECURITY,
+        "max-age=31536000; includeSubDomains".parse().unwrap(),
+    );
+
     Router::new()
         .route("/v1/chat/completions", post(chat_completions))
         .route("/v1/models", get(list_models))
+        .layer(RequestBodyLimitLayer::new(10 * 1024 * 1024)) // 10 MB limit
+        .layer(csp_header)
+        .layer(x_frame_options)
+        .layer(x_content_type_options)
+        .layer(strict_transport_security)
         .layer(axum::middleware::from_fn_with_state(
             state.clone(),
             rate_limiting::middleware::rate_limit_middleware,
@@ -219,7 +249,6 @@ async fn chat_completions(
                         prompt_tokens,
                         has_images,
                         logger: state.request_logger.clone(),
-                        client_manager: state.client_manager.clone(),
                         model_registry: state.model_registry.clone(),
                         model_config_cache: state.model_config_cache.clone(),
                     },
@@ -341,15 +370,6 @@ async fn chat_completions(
                     duration_ms: duration.as_millis() as u64,
                 });
 
-                // Update client usage (fire-and-forget, don't block response)
-                {
-                    let cm = state.client_manager.clone();
-                    let cid = client_id.clone();
-                    tokio::spawn(async move {
-                        let _ = cm.update_client_usage(&cid, response.total_tokens as i64, cost).await;
-                    });
-                }
-
                 // Convert ProviderResponse to ChatCompletionResponse
                 let finish_reason = if response.tool_calls.is_some() {
                     "tool_calls".to_string()