refactor: comprehensive codebase review — security, performance, quality, UX

Security:
- Fix NUT protocol command injection (validate names against safe regex)
- Enable Jinja2 autoescape=True to prevent HTML injection via external data
- Add WebhookProviderConfig validation model

Performance:
- Shared aiohttp.ClientSession singleton (replaces 40+ per-request sessions)
- Fix 4 N+1 queries with batch IN loads (poller, scheduler, memory, broadcast)
- asyncio.gather for Gitea commands and notification dispatcher
- Add DB indexes on NotificationTrackerState.tracker_id, CommandTrackerListener
- LRU cache for compiled Jinja2 templates
- Daily EventLog cleanup job (90-day retention)
- 30s HTTP timeout on all external calls
- GROUP BY for target type counts (replaces 7 sequential queries)

Code quality:
- Extract get_owned_entity() helper (replaces 11 duplicate functions)
- Extract slot_helpers.py (load_slots, save_slots, render_template_preview)
- Extract command_utils.py (tracker lookup, last event, collection IDs)
- Extract http_session.py (shared session lifecycle)
- Provider connection validation dedup (3x → 1 helper)
- Command dispatch tables replacing if/elif chains
- Album+links fetch helper (fetch_albums_with_links)
- Provider dispatch polymorphism (list_provider_collections)
- Immutable _enrich_assets (no longer mutates in-place)
- Fix _format_assets return type + handler unpacking

Frontend:
- Fix 18+ hardcoded English strings → t() with new i18n keys (en + ru)
- Mobile "More" nav panel with provider filter and search
- Shared Button.svelte component (4 variants, 2 sizes)
- Shared ErrorBanner.svelte component (8 pages updated)
- SvelteKit goto() replacing window.location.href
- Dashboard grid fixed for 4 cards, paginator opacity consistency

Functionality:
- max_instances=1 on scheduler jobs (prevents duplicate events)
- Webhook provider in watcher (prevents error spam)
- Fix stale SQLModel reference in poller
- Gitea get_repo() direct API call

packages/server/src/notify_bridge_server/commands/base.py

@@ -3,9 +3,18 @@
 from __future__ import annotations
 
 from abc import ABC, abstractmethod
+from dataclasses import dataclass, field
 from typing import Any
 
-from ..database.models import CommandTracker, CommandConfig, ServiceProvider, TelegramBot
+from ..database.models import CommandConfig, CommandTracker, ServiceProvider, TelegramBot
+
+
+@dataclass(frozen=True)
+class CommandResponse:
+    """A single response from one tracker's command execution."""
+
+    text: str | None = None
+    media: list[dict[str, Any]] = field(default_factory=list)
 
 
 class ProviderCommandHandler(ABC):
@@ -14,6 +23,8 @@ class ProviderCommandHandler(ABC):
     Each provider (Immich, Gitea, etc.) implements this interface to handle
     its own set of commands. The dispatch layer routes commands to the
     correct handler based on the provider type.
+
+    Each handler call receives a single (tracker, config, provider) context.
     """
 
     provider_type: str
@@ -35,26 +46,28 @@ class ProviderCommandHandler(ABC):
         count: int,
         locale: str,
         response_mode: str,
-        providers_map: dict[int, ServiceProvider],
+        provider: ServiceProvider,
         cmd_templates: dict[str, dict[str, str]],
         bot: TelegramBot,
-        ctx_tuples: list[tuple[CommandTracker, CommandConfig, ServiceProvider]],
-    ) -> str | list[dict[str, Any]] | None:
-        """Handle a provider-specific command.
+        tracker: CommandTracker,
+        config: CommandConfig,
+    ) -> CommandResponse | None:
+        """Handle a provider-specific command for a single tracker.
 
         Args:
             cmd: The command name (without '/').
             args: Arguments after the command.
             count: Number of results to return.
             locale: User's locale ('en', 'ru').
-            response_mode: 'media' or 'text'.
-            providers_map: Provider instances keyed by ID.
-            cmd_templates: Template slots {slot_name: {locale: template}}.
+            response_mode: 'media' or 'text' (from this tracker's config).
+            provider: The service provider instance for this tracker.
+            cmd_templates: Template slots for this tracker's command template config.
             bot: The Telegram bot instance.
-            ctx_tuples: Command context tuples for this provider type.
+            tracker: The command tracker being dispatched.
+            config: The command config for this tracker.
 
         Returns:
-            Text response, media list, or None if unhandled.
+            A CommandResponse, or None if unhandled.
         """
 
     def get_rate_categories(self) -> dict[str, str]: