fix: security and reliability improvements

- Switch HTTPServer to ThreadingHTTPServer (concurrent request handling)
- Replace SHA-256 password hashing with bcrypt (auth.py, database.py)
- Add bcrypt to Dockerfile
- Move qBittorrent env vars to config.py
- Move _booklore_token state out of config into booklore.py
- Remove dead fitness_token variable in command.py
- Fix OpenAI call to use default SSL context instead of no-verify ctx
- Log swallowed budget fetch error in dashboard.py

gateway/config.py

@@ -42,6 +42,12 @@ KINDLE_LABELS = os.environ.get("KINDLE_LABELS", "Kindle 1,Kindle 2")
 KARAKEEP_URL = os.environ.get("KARAKEEP_URL", "http://192.168.1.42:3005")
 KARAKEEP_API_KEY = os.environ.get("KARAKEEP_API_KEY", "")
 
+# ── qBittorrent ──
+QBITTORRENT_HOST = os.environ.get("QBITTORRENT_HOST", "192.168.1.42")
+QBITTORRENT_PORT = os.environ.get("QBITTORRENT_PORT", "8080")
+QBITTORRENT_USERNAME = os.environ.get("QBITTORRENT_USERNAME", "admin")
+QBITTORRENT_PASSWORD = os.environ.get("QBITTORRENT_PASSWORD", "")
+
 # ── AI ──
 OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY", "")
 OPENAI_MODEL = os.environ.get("OPENAI_MODEL", "gpt-5.2")
@@ -49,9 +55,6 @@ OPENAI_MODEL = os.environ.get("OPENAI_MODEL", "gpt-5.2")
 # ── Session config ──
 SESSION_MAX_AGE = int(os.environ.get("SESSION_MAX_AGE", 30 * 86400))  # 30 days
 
-# ── Shared state ──
-_booklore_token = {"access": "", "refresh": "", "expires": 0}
-
 # ── Ensure data dir exists ──
 DATA_DIR.mkdir(parents=True, exist_ok=True)