fix: security and code quality improvements

Security fixes:
- Add file upload size limits (10MB) for customer and product imports
- Add XLSX file validation with row limits and magic byte checking
- Implement password validation (min 6 chars) in registration
- Add rate limiting for guest login (5 per IP per 15 minutes)
- Sanitize error messages to prevent information leakage
- Fix XSS vulnerability by removing unsafe v-html usage
- Enforce WhatsApp webhook signature verification
- Add SSRF protection with URL validation and IP blocking
- Fix marketing endpoints to use proper authentication

Code quality improvements:
- Create shared utility functions for UUID validation and string sanitization
- Remove duplicate UUID validation code from admin modules
- Remove dead code (pass statement in translation.py)
- Fix aliyun SDK import compatibility

backend/app/core/utils.py

@@ -0,0 +1,27 @@
+"""Shared utility functions"""
+import uuid
+from typing import Any
+
+
+def validate_uuid(value: str) -> str:
+    """Validate UUID format and return the value"""
+    try:
+        uuid.UUID(value)
+        return value
+    except ValueError:
+        raise ValueError(f"Invalid UUID format: {value}")
+
+
+def truncate_string(value: str, max_length: int = 100) -> str:
+    """Truncate string to specified length"""
+    if len(value) <= max_length:
+        return value
+    return value[:max_length]
+
+
+def sanitize_for_logging(value: str) -> str:
+    """Sanitize string for logging (remove sensitive info)"""
+    # Remove common sensitive patterns
+    import re
+    value = re.sub(r'[^a-zA-Z0-9\s\-_.,:;!?\'"]', '', value)
+    return value[:200]  # Limit length for log safety