fix: security and reliability improvements

- Switch HTTPServer to ThreadingHTTPServer (concurrent request handling)
- Replace SHA-256 password hashing with bcrypt (auth.py, database.py)
- Add bcrypt to Dockerfile
- Move qBittorrent env vars to config.py
- Move _booklore_token state out of config into booklore.py
- Remove dead fitness_token variable in command.py
- Fix OpenAI call to use default SSL context instead of no-verify ctx
- Log swallowed budget fetch error in dashboard.py

gateway/integrations/booklore.py

@@ -5,12 +5,12 @@ Platform Gateway — Booklore integration (book library manager).
 import json
 import time
 
-from config import (
-    BOOKLORE_URL, BOOKLORE_USER, BOOKLORE_PASS,
-    BOOKLORE_BOOKS_DIR, _booklore_token,
-)
+from config import BOOKLORE_URL, BOOKLORE_USER, BOOKLORE_PASS, BOOKLORE_BOOKS_DIR
 from proxy import proxy_request
 
+# Mutable auth token state (not in config — config is for immutable values)
+_booklore_token = {"access": "", "refresh": "", "expires": 0}
+
 
 def booklore_auth():
     """Get a valid Booklore JWT token, refreshing if needed."""