fix: security and code quality improvements

Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility

backend/app/api/v1/product.py

@@ -100,9 +100,24 @@ async def import_products(
     user_id: str = Depends(get_current_user_id),
     db: AsyncSession = Depends(get_db),
 ):
+    from app.services.product import ProductService
+
+    MAX_UPLOAD_SIZE = 10 * 1024 * 1024  # 10MB
+
+    filename = file.filename or "unknown"
+    file_size = 0
+    content = b""
+    while True:
+        chunk = await file.read(8192)
+        if not chunk:
+            break
+        file_size += len(chunk)
+        if file_size > MAX_UPLOAD_SIZE:
+            raise HTTPException(status_code=413, detail=f"File too large. Max {MAX_UPLOAD_SIZE // (1024*1024)}MB")
+        content += chunk
+
     service = ProductService(db)
-    content = await file.read()
-    filename = file.filename.lower()
+    filename_lower = filename.lower()
 
     if filename.endswith(".xlsx"):
         if not HAS_OPENPYXL: