Webinterface adds a third-party HTTP surface that contradicts the
DSGVO-by-default promise: it broadcasts every chat message including
filtered ChatTypes (privacy filter only covers DB writes), ships a
five-digit numeric auth code seeded from System.Random, binds on all
interfaces by default and sets cookies without security flags.
Hardening it for our threat model would land 500+ lines of code and
permanent maintenance for a feature very few users actually use. The
forks audience wants less surface, not more, so the entire feature is
being removed in a focused commit cluster. This first commit drops
the user-facing surface: settings tab class, tab registration and
the Configuration fields plus their UpdateFrom mirror.
JonKazama-Hellion
7bacd1aaba