fix: XSS escaping, null guards, JS bug fixes, and documentation updates

- Escape $serverObject and $systemUrl in AdminHTML.php heredocs to prevent XSS
- Add null guard in Database::getSystemUrl() to prevent fatal error
- Guard primaryNetwork access in module.js to prevent null dereference
- Reset badge/traffic-bar CSS classes on refresh to prevent accumulation
- Add VNC popup-blocked check with user-facing message
- Add BS3 input-group-btn dual class for theme compatibility
- Escape billing template variables with |escape:'htmlall'
- Add cache-busting to admin CSS/JS includes
- Switch cache-busting format from version to date-based (20260207)
- Create .releaserc.json for automated CHANGELOG.md management
- Add changelog/git plugins to semantic-release workflow
- Remove manual [Unreleased] section from CHANGELOG.md
- Update README: install/upgrade with rsync, accuracy fixes, add keygen.js
- Update CLAUDE.md: add keygen.js, document removed features
- Fix SECURITY.md grammar and version operator

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/workflows/publish-release.yml

@@ -26,6 +26,9 @@ jobs:
         with:
           # You can specify the branches to release from
           branch: main
+          extra_plugins: |
+            @semantic-release/changelog
+            @semantic-release/git
         env:
           # GITHUB_TOKEN is required for authentication
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}