Fix Phase 5 review issues: SSTI, FK violation, sync rebuild

Fixes 5 issues identified by code-reviewer agent:

1. (Critical) EventLog.tracker_id now nullable - use None instead
   of 0 when tracker name doesn't match, avoiding FK constraint
   violations on PostgreSQL
2. (Critical) Replace jinja2.Environment with SandboxedEnvironment
   in all 3 server template rendering locations to prevent SSTI
3. (Important) Rebuild sync_client in _async_update_listener when
   server URL/key options change, propagate to all coordinators
4. (Important) Validate partial server config - require both URL
   and API key or neither, with clear error message
5. (Important) Name fire-and-forget sync task for debugging

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

packages/server/src/immich_watcher_server/api/sync.py

@@ -136,7 +136,7 @@ async def render_template(
         raise HTTPException(status_code=404, detail="Template not found")
 
     try:
-        env = jinja2.Environment(autoescape=False)
+        env = jinja2.sandbox.SandboxedEnvironment(autoescape=False)
         tmpl = env.from_string(template.body)
         rendered = tmpl.render(**body.context)
         return {"rendered": rendered}
@@ -161,7 +161,7 @@ async def report_event(
     tracker = result.first()
 
     event = EventLog(
-        tracker_id=tracker.id if tracker else 0,
+        tracker_id=tracker.id if tracker else None,
         event_type=body.event_type,
         album_id=body.album_id,
         album_name=body.album_name,

packages/server/src/immich_watcher_server/api/templates.py

@@ -124,7 +124,7 @@ async def preview_template(
     """Render a template with sample data."""
     template = await _get_user_template(session, template_id, user.id)
     try:
-        env = jinja2.Environment(autoescape=False)
+        env = jinja2.sandbox.SandboxedEnvironment(autoescape=False)
         tmpl = env.from_string(template.body)
         rendered = tmpl.render(**_SAMPLE_CONTEXT)
         return {"rendered": rendered}