Add security logging, domain validation, and output helpers

- Add authentication failure logging to AuthMiddleware (session expiry,
  access denied, unauthenticated access attempts)
- Add UrlHelper for secure URL generation with host validation against
  configurable ALLOWED_HOSTS whitelist
- Add OutputHelper with consistent XSS-safe escaping functions (h, attr,
  json, url, css, truncate, date, cssClass)
- Add validation to AuditLogModel query parameters (pagination limits,
  date format validation, action/entity type validation, IP sanitization)
- Add APP_DOMAIN and ALLOWED_HOSTS configuration options

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

api/update_ticket.php

@@ -15,6 +15,7 @@ try {
     $configPath = dirname(__DIR__) . '/config/config.php';
     require_once $configPath;
     require_once dirname(__DIR__) . '/helpers/Database.php';
+    require_once dirname(__DIR__) . '/helpers/UrlHelper.php';
 
     // Load environment variables (for Discord webhook)
     $envPath = dirname(__DIR__) . '/.env';
@@ -220,10 +221,8 @@ try {
                 return;
             }
             
-            // Create ticket URL
-            $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
-            $host = $_SERVER['HTTP_HOST'] ?? 't.lotusguild.org';
-            $ticketUrl = "{$protocol}://{$host}/ticket/{$ticketId}";
+            // Create ticket URL using validated host
+            $ticketUrl = UrlHelper::ticketUrl($ticketId);
             
             // Determine embed color based on priority
             $colors = [