fix: security and code quality improvements

Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility

backend/app/api/v1/marketing.py

@@ -67,10 +67,10 @@ async def generate_marketing(
 
 
 @router.post("/keywords")
-async def generate_keywords(data: KeywordsRequest, authorization: str = Header(None)):
-    if not authorization:
-        raise HTTPException(status_code=401, detail="Missing token")
-
+async def generate_keywords(
+    data: KeywordsRequest,
+    user_id: str = Depends(get_current_user_id),
+):
     service = MarketingService()
     product_info = {
         "name": data.product_name,
@@ -83,10 +83,10 @@ async def generate_keywords(data: KeywordsRequest, authorization: str = Header(N
 
 
 @router.post("/competitor-analysis")
-async def competitor_analysis(data: CompetitorRequest, authorization: str = Header(None)):
-    if not authorization:
-        raise HTTPException(status_code=401, detail="Missing token")
-
+async def competitor_analysis(
+    data: CompetitorRequest,
+    user_id: str = Depends(get_current_user_id),
+):
     service = MarketingService()
     product_info = {
         "name": data.product_name,