Disable unauthenticated localhost API after Android moves off TCP

[tripledoublev]

Summary

• disable the TCP localhost API by default and continue serving over the Unix domain socket
• require SAVE_ENABLE_TCP=1 plus SAVE_API_TOKEN to expose 127.0.0.1:8080
• require Authorization: Bearer SAVE_API_TOKEN for TCP /api requests
• add transport middleware tests and transport docs

Merge dependency

• Android still uses localhost TCP today, so this PR should merge only after the mobile client switches to the Unix socket path or otherwise handles the new TCP auth requirements

Testing

• cargo check
• cargo test test_api_middleware -- --nocapture

[tripledoublev]

This PR is blocked by changes needed in the Android app.

• Android DI still points the main Snowbird API client at http://localhost:8080/api/ in Save-app-android/app/src/main/java/net/opendasharchive/openarchive/core/di/RetrofitModule.kt
• Android service polling still checks http://localhost:8080/status in /Save-app-android/app/src/main/java/net/opendasharchive/openarchive/services/snowbird/service/SnowbirdService.kt

[tripledoublev]

This PR changes the local Snowbird transport model. Before merging it, the Android app needs to stop depending on unauthenticated localhost TCP.

Required changes:

1. Switch the Snowbird API client from Retrofit localhost HTTP to the Unix socket client.

• Replace the active ISnowbirdAPI binding so the app uses the unixSocket implementation instead of the retrofit one.
• Current localhost binding:
  Save-app-android/app/src/main/java/net/opendasharchive/openarchive/core/di/RetrofitModule.kt
• Existing Unix socket binding:
  Save-app-android/app/src/main/java/net/opendasharchive/openarchive/core/di/UnixSocketModule.kt

2. Remove or replace localhost HTTP readiness polling.

• Current code polls:
  http://localhost:8080/status
• File:
  Save-app-android/app/src/main/java/net/opendasharchive/openarchive/services/snowbird/service/SnowbirdService.kt
• This needs to be replaced with either:
  • a Unix-socket-based health check, or
  • another service-ready signal that does not depend on TCP localhost.

3. Update UI/status text that currently assumes localhost TCP.

• Current text says the service is running on localhost:8080.
• File:
  Save-app-android/app/src/main/java/net/opendasharchive/openarchive/services/snowbird/SnowbirdFragment.kt

Optional compatibility path if Android still needs TCP temporarily:

• explicitly enable TCP with SAVE_ENABLE_TCP=1
• generate/provide SAVE_API_TOKEN
• send Authorization: Bearer <token> on all TCP /api requests
• update /status polling accordingly if it remains on TCP

Definition of done for unblocking this PR:

• no production Snowbird API calls go through http://localhost:8080/api/
• no service readiness logic depends on http://localhost:8080/status
• app works end-to-end using the Unix socket path
• if TCP is intentionally retained, all /api calls include the bearer token required by this PR