GT AI OS Community Edition v2.0.33

Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/control-panel-backend/pytest.ini

@@ -0,0 +1,29 @@
+[tool:pytest]
+minversion = 6.0
+addopts = 
+    -ra
+    --strict-markers
+    --strict-config
+    --cov=app
+    --cov-report=term-missing:skip-covered
+    --cov-report=html:htmlcov
+    --cov-report=xml
+    --cov-fail-under=80
+    -p no:warnings
+testpaths = tests
+python_files = test_*.py
+python_classes = Test*
+python_functions = test_*
+markers =
+    slow: marks tests as slow
+    integration: marks tests as integration tests
+    unit: marks tests as unit tests
+    security: marks tests as security-focused
+asyncio_mode = auto
+env =
+    DATABASE_URL = sqlite+aiosqlite:///:memory:
+    REDIS_URL = redis://localhost:6379/15
+    SECRET_KEY = test-secret-key-for-testing-only
+    JWT_SECRET = test-jwt-secret-for-testing-only
+    MASTER_ENCRYPTION_KEY = test-master-key-32-bytes-long-test
+    DEBUG = True