Pin versions, add resource limits, and harden config

- Pin all Docker image tags (mysql 8.0.40, python 3.12.13-slim, node 20.20.1-alpine, nginx 1.29.6-alpine)
- Pin all frontend npm dependencies to exact versions (remove ^ ranges)
- Add mem_limit and cpus resource limits to all three containers
- Add non-root appuser to backend Dockerfile
- Migrate JWT from python-jose to PyJWT
- Remove default admin_password in config.py — must be explicitly set in .env
- Add DOCS_ENABLED flag to config and .env.example (default false)
- Add indexes on session_date, is_active, event_type in session models
- Add limit/offset pagination to all log endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/package.json

@@ -8,13 +8,13 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "axios": "^1.7.7",
-    "pinia": "^2.2.4",
-    "vue": "^3.5.12",
-    "vue-router": "^4.4.5"
+    "axios": "1.7.7",
+    "pinia": "2.2.4",
+    "vue": "3.5.12",
+    "vue-router": "4.4.5"
   },
   "devDependencies": {
-    "@vitejs/plugin-vue": "^5.1.4",
-    "vite": "^5.4.10"
+    "@vitejs/plugin-vue": "5.1.4",
+    "vite": "5.4.10"
   }
 }