feat: add eslint, image upload, tests, splash tagline, security hooks

- Restore CLAUDE.md with project conventions
- ESLint config with vue3-recommended + typescript
- Image upload endpoint (POST /api/admin/upload) with 5MB limit
- Admin product form now supports image upload/preview/removal
- Vitest config + 19 tests (crypto, validation, btcpay webhook, types)
- Restore .claude/ security hooks (block-risky-bash, protect-files)
- Logo splash now shows "EVERYTHING YOU LOVE IS A PSYOP" tagline
- Add .vite/ to gitignore

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

tests/server/validate.test.ts

@@ -0,0 +1,47 @@
+import { describe, it, expect } from 'vitest'
+import { sanitizeString, sanitizeInt } from '../../server/middleware/validate.js'
+
+describe('sanitizeString', () => {
+  it('trims whitespace', () => {
+    expect(sanitizeString('  hello  ')).toBe('hello')
+  })
+
+  it('truncates to 10000 chars', () => {
+    const long = 'a'.repeat(20_000)
+    expect(sanitizeString(long)).toHaveLength(10_000)
+  })
+
+  it('returns empty string for non-string input', () => {
+    expect(sanitizeString(123)).toBe('')
+    expect(sanitizeString(null)).toBe('')
+    expect(sanitizeString(undefined)).toBe('')
+  })
+})
+
+describe('sanitizeInt', () => {
+  it('accepts valid positive integers', () => {
+    expect(sanitizeInt(42)).toBe(42)
+    expect(sanitizeInt(0)).toBe(0)
+    expect(sanitizeInt(100_000)).toBe(100_000)
+  })
+
+  it('rejects negative numbers', () => {
+    expect(sanitizeInt(-1)).toBeNull()
+    expect(sanitizeInt(-100)).toBeNull()
+  })
+
+  it('rejects floats', () => {
+    expect(sanitizeInt(1.5)).toBeNull()
+    expect(sanitizeInt(0.001)).toBeNull()
+  })
+
+  it('rejects non-numeric input', () => {
+    expect(sanitizeInt('abc')).toBeNull()
+    expect(sanitizeInt(NaN)).toBeNull()
+  })
+
+  it('converts string numbers', () => {
+    expect(sanitizeInt('42')).toBe(42)
+    expect(sanitizeInt('0')).toBe(0)
+  })
+})