Backend optimizations, frontend optimizations, and UI design improvements

Backend optimizations:
- GZip middleware for compressed responses
- Concurrent WebSocket broadcast
- Skip status polling when no clients connected
- Deduplicated token validation with caching
- Fire-and-forget HA state callbacks
- Single stat() per browser item
- Metadata caching (LRU)
- M3U playlist optimization
- Autostart setup (Task Scheduler + hidden VBS launcher)

Frontend code optimizations:
- Fix thumbnail blob URL memory leak
- Fix WebSocket ping interval leak on reconnect
- Skip artwork re-fetch when same track playing
- Deduplicate volume slider logic
- Extract magic numbers into named constants
- Standardize error handling with toast notifications
- Cache play/pause SVG constants
- Loading state management for async buttons
- Request deduplication for rapid clicks
- Cache 30+ DOM element references
- Deduplicate volume updates over WebSocket

Frontend design improvements:
- Progress bar seek thumb and hover expansion
- Custom themed scrollbars
- Toast notification accent border strips
- Keyboard focus-visible states
- Album art ambient glow effect
- Animated sliding tab indicator
- Mini-player top progress line
- Empty state SVG illustrations
- Responsive tablet breakpoint (601-900px)
- Horizontal player layout on wide screens (>900px)
- Glassmorphism mini-player with backdrop blur
- Vinyl spin animation (toggleable)
- Table horizontal scroll on narrow screens

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

media_server/auth.py

@@ -36,9 +36,7 @@ async def verify_token(
 ) -> str:
     """Verify the API token from the Authorization header.
 
-    Args:
-        request: The incoming request
-        credentials: The bearer token credentials
+    Reuses the label from middleware context when already validated.
 
     Returns:
         The token label
@@ -46,6 +44,11 @@ async def verify_token(
     Raises:
         HTTPException: If the token is missing or invalid
     """
+    # Reuse label already set by middleware to avoid redundant O(n) scan
+    existing = token_label_var.get("unknown")
+    if existing != "unknown":
+        return existing
+
     if credentials is None:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
@@ -61,7 +64,6 @@ async def verify_token(
             headers={"WWW-Authenticate": "Bearer"},
         )
 
-    # Set label in context for logging
     token_label_var.set(label)
     return label
 
@@ -120,6 +122,11 @@ async def verify_token_or_query(
     Raises:
         HTTPException: If the token is missing or invalid
     """
+    # Reuse label already set by middleware
+    existing = token_label_var.get("unknown")
+    if existing != "unknown":
+        return existing
+
     label = None
 
     # Try header first
@@ -137,6 +144,5 @@ async def verify_token_or_query(
             headers={"WWW-Authenticate": "Bearer"},
         )
 
-    # Set label in context for logging
     token_label_var.set(label)
     return label