Comprehensive review fixes: security, performance, code quality, and UI polish

Backend: Fix CORS wildcard+credentials, add secret key warning, remove raw
API keys from sync endpoint, fix N+1 queries in watcher/sync, fix
AttributeError on event_types, delete dead scheduled.py/templates.py,
add limit cap on history, re-validate server on URL/key update, apply
tracking/template config IDs in update_target.

HA Integration: Replace datetime.now() with dt_util.now(), fix notification
queue to only remove successfully sent items, use album UUID for entity
unique IDs, add shared links dirty flag and users cache hourly refresh,
deduplicate _is_quiet_hours, add HTTP timeouts, cache albums in config
flow, change iot_class to local_polling.

Frontend: Make i18n reactive via $state (remove window.location.reload),
add Modal transitions/a11y/Escape key, create ConfirmModal replacing all
confirm() calls, add error handling to all pages, replace Unicode nav
icons with MDI SVGs, add card hover effects, dashboard stat icons, global
focus-visible styles, form slide transitions, mobile responsive bottom
nav, fix password error color, add ~20 i18n keys (EN/RU).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontend/src/routes/users/+page.svelte

@@ -7,6 +7,7 @@
 	import Card from '$lib/components/Card.svelte';
 	import Loading from '$lib/components/Loading.svelte';
 	import Modal from '$lib/components/Modal.svelte';
+	import ConfirmModal from '$lib/components/ConfirmModal.svelte';
 
 	const auth = getAuth();
 	let users = $state<any[]>([]);
@@ -14,35 +15,48 @@
 	let form = $state({ username: '', password: '', role: 'user' });
 	let error = $state('');
 	let loaded = $state(false);
+	let confirmDelete = $state<any>(null);
 
 	// Admin reset password
 	let resetUserId = $state<number | null>(null);
 	let resetUsername = $state('');
 	let resetPassword = $state('');
 	let resetMsg = $state('');
+	let resetSuccess = $state(false);
 
 	onMount(load);
-	async function load() { try { users = await api('/users'); } catch {} finally { loaded = true; } }
+	async function load() {
+		try { users = await api('/users'); }
+		catch (err: any) { error = err.message || t('common.loadError'); }
+		finally { loaded = true; }
+	}
 
 	async function create(e: SubmitEvent) {
 		e.preventDefault(); error = '';
 		try { await api('/users', { method: 'POST', body: JSON.stringify(form) }); form = { username: '', password: '', role: 'user' }; showForm = false; await load(); }
 		catch (err: any) { error = err.message; }
 	}
-	async function remove(id: number) {
-		if (!confirm(t('users.confirmDelete'))) return;
-		try { await api(`/users/${id}`, { method: 'DELETE' }); await load(); } catch (err: any) { alert(err.message); }
+	function remove(id: number) {
+		confirmDelete = {
+			id,
+			onconfirm: async () => {
+				try { await api(`/users/${id}`, { method: 'DELETE' }); await load(); }
+				catch (err: any) { error = err.message; }
+				finally { confirmDelete = null; }
+			}
+		};
 	}
 	function openResetPassword(user: any) {
-		resetUserId = user.id; resetUsername = user.username; resetPassword = ''; resetMsg = '';
+		resetUserId = user.id; resetUsername = user.username; resetPassword = ''; resetMsg = ''; resetSuccess = false;
 	}
 	async function resetUserPassword(e: SubmitEvent) {
-		e.preventDefault(); resetMsg = '';
+		e.preventDefault(); resetMsg = ''; resetSuccess = false;
 		try {
 			await api(`/users/${resetUserId}/password`, { method: 'PUT', body: JSON.stringify({ new_password: resetPassword }) });
 			resetMsg = t('common.passwordChanged');
-			setTimeout(() => { resetUserId = null; resetMsg = ''; }, 2000);
-		} catch (err: any) { resetMsg = err.message; }
+			resetSuccess = true;
+			setTimeout(() => { resetUserId = null; resetMsg = ''; resetSuccess = false; }, 2000);
+		} catch (err: any) { resetMsg = err.message; resetSuccess = false; }
 	}
 </script>
 
@@ -81,7 +95,7 @@
 
 <div class="space-y-3">
 	{#each users as user}
-		<Card>
+		<Card hover>
 			<div class="flex items-center justify-between">
 				<div>
 					<p class="font-medium">{user.username}</p>
@@ -101,7 +115,7 @@
 {/if}
 
 <!-- Admin reset password modal -->
-<Modal open={resetUserId !== null} title="{t('common.changePassword')}: {resetUsername}" onclose={() => { resetUserId = null; resetMsg = ''; }}>
+<Modal open={resetUserId !== null} title="{t('common.changePassword')}: {resetUsername}" onclose={() => { resetUserId = null; resetMsg = ''; resetSuccess = false; }}>
 	<form onsubmit={resetUserPassword} class="space-y-3">
 		<div>
 			<label for="reset-pwd" class="block text-sm font-medium mb-1">{t('common.newPassword')}</label>
@@ -109,10 +123,13 @@
 				class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
 		</div>
 		{#if resetMsg}
-			<p class="text-sm {resetMsg.includes(t('common.passwordChanged')) ? 'text-[var(--color-success-fg)]' : 'text-[var(--color-error-fg)]'}">{resetMsg}</p>
+			<p class="text-sm {resetSuccess ? 'text-[var(--color-success-fg)]' : 'text-[var(--color-error-fg)]'}">{resetMsg}</p>
 		{/if}
 		<button type="submit" class="w-full py-2 bg-[var(--color-primary)] text-[var(--color-primary-foreground)] rounded-md text-sm font-medium hover:opacity-90">
 			{t('common.save')}
 		</button>
 	</form>
 </Modal>
+
+<ConfirmModal open={confirmDelete !== null} message={t('users.confirmDelete')}
+	onconfirm={() => confirmDelete?.onconfirm()} oncancel={() => confirmDelete = null} />