security: Fix 10 vulnerabilities, remove 12 dead code instances
Critical fixes:
- Remove hardcoded admin/admin123 credentials from UserManager
- Enable JWT signature verification (was disabled for debugging)
- Redact secrets from /dev/config endpoint (was exposing os.environ)
- Remove hardcoded SSH admin/admin credentials from hardware service
- Add channel validation to prevent command injection in router interface

Rust fixes:
- Replace partial_cmp().unwrap() with .unwrap_or(Equal) to prevent NaN panics in 6 locations across core, signal, nn, mat crates
- Replace .expect()/.unwrap() with safe fallbacks in utils, csi_receiver
- Replace SystemTime unwrap with unwrap_or_default

Dead code removed:
- Duplicate imports (CORSMiddleware, os, Path, ABC, subprocess)
- Unused AdaptiveRateLimit/RateLimitStorage/RedisRateLimitStorage (~110 lines)
- Unused _log_authentication_event method
- Unused Confidence::new_unchecked in Rust
- Fix bare except: clause to except Exception:

https://claude.ai/code/session_01Ki7pvEZtJDvqJkmyn6B714
@@ -5,7 +5,6 @@ import numpy as np
|
||||
from datetime import datetime, timezone
|
||||
from typing import Dict, Any, Optional, Callable, Protocol
|
||||
from dataclasses import dataclass
|
||||
from abc import ABC, abstractmethod
|
||||
import logging
|
||||
|
||||
|
||||
|
||||
@@ -175,6 +175,9 @@ class RouterInterface:
|
||||
"""
|
||||
try:
|
||||
channel = config.get('channel', 6)
|
||||
# Validate channel is an integer in a safe range to prevent command injection
|
||||
if not isinstance(channel, int) or not (1 <= channel <= 196):
|
||||
raise ValueError(f"Invalid WiFi channel: {channel}. Must be an integer between 1 and 196.")
|
||||
command = f"iwconfig wlan0 channel {channel} && echo 'CSI monitoring configured'"
|
||||
await self.execute_command(command)
|
||||
return True
|
||||
|
||||
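Review bot: The new check `isinstance(channel, int)` also accepts `bool`, because `bool` is a subclass of `int` in Python. A config value of `True` therefore satisfies `1 <= channel <= 196` and is formatted into the command as `channel True`. Reject bools explicitly or require `type(channel) is int`. Separately, the validated value is still interpolated into a shell string that contains `&&` and is passed to `execute_command`, so this single check is the only thing between config input and the shell. If `execute_command` can accept an argument list, passing the channel as its own argument would remove the dependency on shell parsing. The `ValueError` message echoes the rejected value with `{channel}`; using `{channel!r}` would keep control characters in attacker-supplied strings from reaching logs unescaped.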