feat(config): add security feature toggle support

Implements a master toggle for security features across config,
CLI, and application logic. This allows granular control over
whether the advanced security middleware and protections are
active globally.

lib/config/load.go

@@ -27,6 +27,7 @@ func Load() (*Config, error) {
 		ThumbnailBatchSize:            10,
 		ThumbnailIntervalSeconds:      30,
 		ActivityRetentionSeconds:      7 * 24 * 60 * 60,
+		SecurityEnabled:               true,
 		SecurityLoginWindowSeconds:    10 * 60,
 		SecurityLoginMaxAttempts:      8,
 		SecurityBanSeconds:            30 * 60,
@@ -91,6 +92,7 @@ func Load() (*Config, error) {
 		{SettingOneTimeDownloadRetryFail, "WARPBOX_ONE_TIME_DOWNLOAD_RETRY_ON_FAILURE", &cfg.OneTimeDownloadRetryOnFailure},
 		{SettingRenewOnAccessEnabled, "WARPBOX_RENEW_ON_ACCESS_ENABLED", &cfg.RenewOnAccessEnabled},
 		{SettingRenewOnDownloadEnabled, "WARPBOX_RENEW_ON_DOWNLOAD_ENABLED", &cfg.RenewOnDownloadEnabled},
+		{SettingSecurityEnabled, "WARPBOX_SECURITY_ENABLED", &cfg.SecurityEnabled},
 	}
 	for _, item := range envBools {
 		if err := cfg.applyBoolEnv(item.key, item.name, item.target); err != nil {
@@ -209,6 +211,7 @@ func (cfg *Config) captureDefaults() {
 	cfg.captureDefaultValue(SettingThumbnailBatchSize, strconv.Itoa(cfg.ThumbnailBatchSize))
 	cfg.captureDefaultValue(SettingThumbnailIntervalSeconds, strconv.Itoa(cfg.ThumbnailIntervalSeconds))
 	cfg.captureDefaultValue(SettingActivityRetentionSeconds, strconv.FormatInt(cfg.ActivityRetentionSeconds, 10))
+	cfg.captureDefaultValue(SettingSecurityEnabled, formatBool(cfg.SecurityEnabled))
 	cfg.captureDefaultValue(SettingSecurityIPWhitelist, cfg.SecurityIPWhitelist)
 	cfg.captureDefaultValue(SettingSecurityAdminIPWhitelist, cfg.SecurityAdminIPWhitelist)
 	cfg.captureDefaultValue(SettingTrustedProxyCIDRs, cfg.TrustedProxyCIDRs)