fix: security and reliability improvements

- Switch HTTPServer to ThreadingHTTPServer (concurrent request handling)
- Replace SHA-256 password hashing with bcrypt (auth.py, database.py)
- Add bcrypt to Dockerfile
- Move qBittorrent env vars to config.py
- Move _booklore_token state out of config into booklore.py
- Remove dead fitness_token variable in command.py
- Fix OpenAI call to use default SSL context instead of no-verify ctx
- Log swallowed budget fetch error in dashboard.py
Yusuf Suleman
2026-03-29 07:02:09 -05:00
parent 7cd81181ed
commit d9768547be
9 changed files with 39 additions and 31 deletions


@@ -6,9 +6,7 @@ import json
import urllib.request
from datetime import datetime
from config import (
OPENAI_API_KEY, OPENAI_MODEL, TRIPS_URL, _ssl_ctx,
)
from config import OPENAI_API_KEY, OPENAI_MODEL, TRIPS_URL
from sessions import get_service_token
import proxy as _proxy_module
from proxy import proxy_request
@@ -33,7 +31,6 @@ def handle_command(handler, user, body):
# Get context: user's trips list and today's date
trips_token = get_service_token(user["id"], "trips")
fitness_token = get_service_token(user["id"], "fitness")
trips_context = ""
if trips_token:
@@ -116,7 +113,7 @@ Guidelines:
method="POST"
)
with urllib.request.urlopen(req, context=_ssl_ctx, timeout=30) as resp:
with urllib.request.urlopen(req, timeout=30) as resp:
ai_result = json.loads(resp.read().decode())
ai_text = ai_result["choices"][0]["message"]["content"]
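Review bot: The new `urllib.request.urlopen(req, timeout=30)` call depends on the default SSL context without saying so, and a later edit could quietly re-add `context=_ssl_ctx`. A one-line comment above the `with` would record the intent, for example `# Default SSL context on purpose: certificate and hostname verification stay enabled for the API call`. This section only drops the `_ssl_ctx` import from this module. If config.py still defines the no-verify context the commit message describes, any other module importing it presumably still skips verification, so it is worth checking for remaining importers. The body of `handle_command` continues outside the visible hunks, so the error handling around the `ai_result["choices"][0]["message"]["content"]` lookup cannot be judged from here.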