TASK-020: Fix log_target security vulnerability (defense in depth)

**Issue:**
- log_target accepted arbitrary paths, allowing authenticated users to write
  files as root via fail2ban (e.g., /etc/cron.d/bangui-pwned)
- fail2ban runs as root and opens files specified in log_target

**Solution:**
1. **Model layer validation:** Already existed in GlobalConfigUpdate, prevents
   invalid paths before reaching service
2. **Service layer validation:** Added defensive check in update_global_config()
   that validates log_target even if model validation is bypassed
3. **New validation helper:** Added validate_log_target() utility that accepts
   special values (STDOUT, STDERR, SYSLOG) or paths within allowed directories

**Changes:**
- app/utils/path_utils.py: Added validate_log_target() helper
- app/services/config_service.py: Added service-layer validation before
  sending command to fail2ban
- backend/tests: Fixed session_secret length issues in fixtures (min 32 chars)
- backend/tests: Added tests for valid special log targets
- Docs/Backend-Development.md: Documented log_target security requirements

**Test Coverage:**
- Model validation rejects /etc/passwd (existing test)
- Model validation accepts STDOUT, STDERR, SYSLOG special values
- Model validation accepts paths in allowed directories
- Service layer validation tested with special values

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

backend/tests/test_models.py

@@ -18,7 +18,7 @@ def _mock_allowed_dirs(monkeypatch: pytest.MonkeyPatch) -> None:
             database_path=":memory:",
             fail2ban_socket="/tmp/fake.sock",
             fail2ban_config_dir="/tmp/fail2ban",
-            session_secret="test-secret-key-do-not-use",
+            session_secret="a" * 32,
         )
 
     monkeypatch.setattr("app.models.config.get_settings", mock_get_settings)