feat: proxy provider UI, webhook URL fix, and dev-server key persistence

- Add proxy provider selector (None/NPM) to settings page with radio cards
- Show warning when switching to None about existing NPM routes
- Conditionally hide SSL certificate picker and NPM credentials when provider is None
- Fix webhook URL regenerate not updating UI (field name mismatch: url vs webhook_url)
- Fix dev-server.sh to persist ENCRYPTION_KEY across restarts via data/.dev-key
- Fix selected radio card background visibility in dark mode

scripts/dev-server.sh

@@ -15,8 +15,20 @@ if [ -n "$PID" ] && [ "$PID" != "0" ]; then
     sleep 1
 fi
 
-# Generate a random encryption key if not set.
-export ENCRYPTION_KEY="${ENCRYPTION_KEY:-$(openssl rand -hex 32)}"
+# Use a stable encryption key for development.
+# Generate once and save to data/.dev-key so encrypted tokens survive restarts.
+if [ -z "${ENCRYPTION_KEY:-}" ]; then
+    KEY_FILE="./data/.dev-key"
+    mkdir -p ./data
+    if [ -f "$KEY_FILE" ]; then
+        ENCRYPTION_KEY=$(cat "$KEY_FILE")
+    else
+        ENCRYPTION_KEY=$(openssl rand -hex 32)
+        echo "$ENCRYPTION_KEY" > "$KEY_FILE"
+        echo "Generated new dev encryption key (saved to $KEY_FILE)"
+    fi
+fi
+export ENCRYPTION_KEY
 export ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin123}"
 export LISTEN_ADDR="${PORT}"