security: workbook path allowlist + stronger image polyglot validation (#54)
- dispo workbook imports are pinned to DISPO_IMPORT_DIR (default ./imports): tRPC input rejects absolute paths and .. segments, runtime reader re-validates containment via path.relative. Closes a path-traversal class that reached ExcelJS CVEs through admin/compromised tokens.
- image validator now checks the full 8-byte PNG magic, enforces PNG IEND and JPEG EOI trailers, scans the decoded buffer for markup polyglot markers (<script, <svg, <iframe, javascript:, onerror=, ...), and explicitly rejects SVG. Provider-generated covers (DALL-E, Gemini) run through the same validator before persistence — an untrusted upstream cannot smuggle a stored-XSS payload past us.
- added image-validation.test.ts and tightened documentation.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@@ -97,6 +97,15 @@ PGADMIN_PASSWORD=
# If not set, Sentry is disabled (SDK is installed but sends nothing).
# NEXT_PUBLIC_SENTRY_DSN=
# ─── Dispo import ────────────────────────────────────────────────────────────
# Absolute directory that dispo .xlsx workbook imports must live under. The
# tRPC surface only accepts relative paths and the runtime reader re-validates
# that any resolved path remains inside this directory; this prevents an
# admin (or compromised admin token) from pointing the parser at arbitrary
# files on disk and reaching ExcelJS CVEs. Defaults to ./imports if unset.
# DISPO_IMPORT_DIR=/var/lib/capakraken/imports
# ─── Testing (never enable in production) ────────────────────────────────────
# Disables rate limiting and session tracking during end-to-end tests.
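Review bot: the added comment opens with "Absolute directory that dispo .xlsx workbook imports must live under" but ends with "Defaults to ./imports if unset", and nothing in the block says what a relative DISPO_IMPORT_DIR is resolved against. Because the tRPC layer and the runtime reader both validate against the resolved base, a relative value that resolves against the working directory can differ between deployments or process managers, which would either reject every import or validate containment against the wrong directory. Suggest stating that a relative value is resolved against the process working directory at startup and recommending an absolute path (as the sample `# DISPO_IMPORT_DIR=/var/lib/capakraken/imports` already does), or requiring an absolute value outright.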