feat: 添加安全模块 + Dockerfile添加curl支持健康检查

主要更新:
- 新增 security/ 安全模块 (风险评估、威胁检测、蜜罐等)
- Dockerfile 添加 curl 以支持 Docker 健康检查
- 前端页面更新 (管理后台、用户端)
- 数据库迁移和 schema 更新
- 新增 kdocs 上传服务
- 添加安全相关测试用例

Co-Authored-By: Claude <noreply@anthropic.com>

database.py

@@ -24,15 +24,11 @@ from db.schema import ensure_schema
 from db.migrations import migrate_database as _migrate_database
 from db.admin import (
     admin_reset_user_password,
-    approve_password_reset,
     clean_old_operation_logs,
-    create_password_reset_request,
     ensure_default_admin,
     get_hourly_registration_count,
-    get_pending_password_resets,
     get_system_config_raw as _get_system_config_raw,
     get_system_stats,
-    reject_password_reset,
     update_admin_password,
     update_admin_username,
     update_system_config as _update_system_config,
@@ -44,6 +40,7 @@ from db.accounts import (
     delete_user_accounts,
     get_account,
     get_account_status,
+    get_account_status_batch,
     get_user_accounts,
     increment_account_login_fail,
     reset_account_login_status,
@@ -103,6 +100,7 @@ from db.users import (
     get_pending_users,
     get_user_by_id,
     get_user_by_username,
+    get_user_kdocs_settings,
     get_user_stats,
     get_user_vip_info,
     get_vip_config,
@@ -111,6 +109,7 @@ from db.users import (
     remove_user_vip,
     set_default_vip_days,
     set_user_vip,
+    update_user_kdocs_settings,
     verify_user,
 )
 from db.security import record_login_context
@@ -121,7 +120,7 @@ config = get_config()
 DB_FILE = config.DB_FILE
 
 # 数据库版本 (用于迁移管理)
-DB_VERSION = 12
+DB_VERSION = 17
 
 
 # ==================== 系统配置缓存（P1 / O-03） ====================
@@ -190,12 +189,24 @@ def update_system_config(
     schedule_weekdays=None,
     max_concurrent_per_account=None,
     max_screenshot_concurrent=None,
+    enable_screenshot=None,
     proxy_enabled=None,
     proxy_api_url=None,
     proxy_expire_minutes=None,
     auto_approve_enabled=None,
     auto_approve_hourly_limit=None,
     auto_approve_vip_days=None,
+    kdocs_enabled=None,
+    kdocs_doc_url=None,
+    kdocs_default_unit=None,
+    kdocs_sheet_name=None,
+    kdocs_sheet_index=None,
+    kdocs_unit_column=None,
+    kdocs_image_column=None,
+    kdocs_admin_notify_enabled=None,
+    kdocs_admin_notify_email=None,
+    kdocs_row_start=None,
+    kdocs_row_end=None,
 ):
     """更新系统配置（写入后立即失效缓存）。"""
     ok = _update_system_config(
@@ -206,12 +217,24 @@ def update_system_config(
         schedule_weekdays=schedule_weekdays,
         max_concurrent_per_account=max_concurrent_per_account,
         max_screenshot_concurrent=max_screenshot_concurrent,
+        enable_screenshot=enable_screenshot,
         proxy_enabled=proxy_enabled,
         proxy_api_url=proxy_api_url,
         proxy_expire_minutes=proxy_expire_minutes,
         auto_approve_enabled=auto_approve_enabled,
         auto_approve_hourly_limit=auto_approve_hourly_limit,
         auto_approve_vip_days=auto_approve_vip_days,
+        kdocs_enabled=kdocs_enabled,
+        kdocs_doc_url=kdocs_doc_url,
+        kdocs_default_unit=kdocs_default_unit,
+        kdocs_sheet_name=kdocs_sheet_name,
+        kdocs_sheet_index=kdocs_sheet_index,
+        kdocs_unit_column=kdocs_unit_column,
+        kdocs_image_column=kdocs_image_column,
+        kdocs_admin_notify_enabled=kdocs_admin_notify_enabled,
+        kdocs_admin_notify_email=kdocs_admin_notify_email,
+        kdocs_row_start=kdocs_row_start,
+        kdocs_row_end=kdocs_row_end,
     )
     if ok:
         invalidate_system_config_cache()