feat(Nav): Refactor navigation structure to support nested items and improve visibility logic

feat(Radio):
-  Redesigned Queue modal, added drag & drop capabilities
- Added stream quality selector, currently offering: AAC @ 128kbps, AAC @ 320kbps & FLAC (lossless)

fix(middleware): Import API_URL from config and remove hardcoded API_URL definition

security(api): Enhance discord image and video caching with improved signature verification and error handling, updated image proxy to include production checks for signing secret
2026-02-22 13:53:43 -05:00
parent b5bf5fd5a7
commit ef15b646cc
12 changed files with 1188 additions and 192 deletions


@@ -2,6 +2,7 @@ import React, { useState, useEffect, useLayoutEffect, useMemo, useCallback, memo
import type { AnimationItem } from 'lottie-web';
import { ProgressSpinner } from 'primereact/progressspinner';
import { authFetch } from '@/utils/authFetch';
import DOMPurify from 'isomorphic-dompurify';
// ============================================================================
// Type Definitions
@@ -981,7 +982,12 @@ function parseDiscordMarkdown(text: string | null | undefined, options: ParseOpt
// Must be done after all markdown processing
parsed = parsed.replace(/\\([_*~`|\\])/g, '$1');
return parsed;
// Final sanitization pass with DOMPurify to prevent XSS
return DOMPurify.sanitize(parsed, {
ALLOWED_TAGS: ['strong', 'em', 'u', 's', 'span', 'code', 'pre', 'br', 'a', 'img', 'blockquote'],
ALLOWED_ATTR: ['class', 'href', 'target', 'rel', 'src', 'alt', 'title', 'style', 'data-lenis-prevent', 'data-channel-id', 'data-user-id', 'data-role-id'],
ALLOW_DATA_ATTR: true,
});
} catch (err) {
try { console.error('parseDiscordMarkdown failed', err); } catch (e) { /* ignore logging errors */ }
// Fallback: return a safely-escaped version of the input to avoid crashing the UI
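Review bot: The allowlist passed to `DOMPurify.sanitize` is broader than the "prevent XSS" comment suggests: `style` is permitted on every allowed tag, and as far as I know DOMPurify does not filter CSS values inside a style attribute, so message-derived markup could restyle or overlay surrounding UI or trigger remote loads through `url(...)`. If the markdown processing earlier in this function only emits a fixed set of inline styles (not visible in this hunk), drop `'style'` from `ALLOWED_ATTR` and use classes instead, or validate the value in a DOMPurify hook. `ALLOW_DATA_ATTR: true` is DOMPurify's default and admits any `data-*` attribute, which makes the three listed `data-*` names redundant; `ALLOW_DATA_ATTR: false,` would restrict the output to those three. `img`/`src` and `a`/`target` also accept arbitrary hosts here, so it is worth confirming that image URLs are rewritten to the signed proxy before this point and that emitted links carry `rel="noopener noreferrer"`. parseDiscordMarkdown starts and ends outside this hunk.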