Add sanitization for SVG uploads and enhance security headers for asset responses

- Introduced SVG sanitization using `dompurify` to prevent malicious content.
- Updated tests to validate SVG sanitization with various scenarios.
- Enhanced response headers for assets, adding CSP and nosniff for SVGs.
- Adjusted UI to better clarify supported file types for logo uploads.
- Updated dependencies to include `jsdom` and `dompurify`.

server/package.json

@@ -34,17 +34,19 @@
     "@paperclipai/adapter-claude-local": "workspace:*",
     "@paperclipai/adapter-codex-local": "workspace:*",
     "@paperclipai/adapter-cursor-local": "workspace:*",
-    "@paperclipai/adapter-opencode-local": "workspace:*",
     "@paperclipai/adapter-openclaw": "workspace:*",
+    "@paperclipai/adapter-opencode-local": "workspace:*",
     "@paperclipai/adapter-utils": "workspace:*",
     "@paperclipai/db": "workspace:*",
     "@paperclipai/shared": "workspace:*",
     "better-auth": "1.4.18",
     "detect-port": "^2.1.0",
+    "dompurify": "^3.3.2",
     "dotenv": "^17.0.1",
     "drizzle-orm": "^0.38.4",
     "embedded-postgres": "^18.1.0-beta.16",
     "express": "^5.1.0",
+    "jsdom": "^28.1.0",
     "multer": "^2.0.2",
     "open": "^11.0.0",
     "pino": "^9.6.0",
@@ -56,6 +58,7 @@
   "devDependencies": {
     "@types/express": "^5.0.0",
     "@types/express-serve-static-core": "^5.0.0",
+    "@types/jsdom": "^28.0.0",
     "@types/multer": "^2.0.0",
     "@types/node": "^24.6.0",
     "@types/supertest": "^6.0.2",