Fix Phase 5 review issues: SSTI, FK violation, sync rebuild

Fixes 5 issues identified by code-reviewer agent:

1. (Critical) EventLog.tracker_id now nullable - use None instead
   of 0 when tracker name doesn't match, avoiding FK constraint
   violations on PostgreSQL
2. (Critical) Replace jinja2.Environment with SandboxedEnvironment
   in all 3 server template rendering locations to prevent SSTI
3. (Important) Rebuild sync_client in _async_update_listener when
   server URL/key options change, propagate to all coordinators
4. (Important) Validate partial server config - require both URL
   and API key or neither, with clear error message
5. (Important) Name fire-and-forget sync task for debugging

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

custom_components/immich_album_watcher/config_flow.py

@@ -252,7 +252,9 @@ class ImmichAlbumWatcherOptionsFlow(OptionsFlow):
             # Validate server connection if URL is provided
             server_url = user_input.get(CONF_SERVER_URL, "").strip()
             server_api_key = user_input.get(CONF_SERVER_API_KEY, "").strip()
-            if server_url and server_api_key:
+            if bool(server_url) != bool(server_api_key):
+                errors["base"] = "server_partial_config"
+            elif server_url and server_api_key:
                 try:
                     session = async_get_clientsession(self.hass)
                     async with session.get(