- Allow the `/health` endpoint to bypass the security middleware, ensuring container health checks succeed even if the proxy IP is banned.
- Add a test to verify health checks from banned IPs.
- Register a HEAD route for file downloads.
- Refactor admin alert status checks to use a new `isUnacknowledgedAlert` helper.
- Update the security runbook documentation with clearer instructions and examples for trusted proxy configuration.
Wire dashboard panels to real alerts, activity, boxes, and users data instead of static mock rows.
Enable working dashboard actions (close alerts, close low alerts, cleanup expired boxes, exports, and navigation).
Update storage overview to use real filesystem free/total space from the uploads volume.
Make top alert chip data-driven across admin pages.
