Harden security: name validation, scoped sudoers, safe.directory

- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points
- Tighten sudoers to restrict cp sources/destinations and chown targets
- Scope git safe.directory to www-data user only (preserves CVE-2022-24765)
- Add www-data to git group and caddy to www-data group for fcgiwrap
- Fix vanity import template to use orig_uri placeholder
- Restart (not reload) services after group changes
- Add name validation to env subcommands and deploy_cmd

0 files changed, 0 insertions, 0 deletions