Add simplified NIP-46 bunker page with click-to-copy QR codes (v0.41.0)

- Add BunkerView with two QR codes: client (bunker://) and signer (nostr+connect://)
- Add click-to-copy functionality on QR codes with visual "Copied!" feedback
- Add CAT requirement warning (only shows when ACL mode is active)
- Remove WireGuard dependencies from bunker page
- Add /api/bunker/info public endpoint for relay URL, ACL mode, CAT status
- Add Cashu token verification for WebSocket connections
- Add kind permission checking for Cashu token scopes
- Add cashuToken field to Listener for connection-level token tracking

Files modified:
- app/handle-bunker.go: New bunker info endpoint (without WireGuard)
- app/handle-event.go: Add Cashu token kind permission check
- app/handle-websocket.go: Extract and verify Cashu token on WS upgrade
- app/listener.go: Add cashuToken field
- app/server.go: Register bunker info endpoint
- app/web/src/BunkerView.svelte: Complete rewrite with QR codes
- app/web/src/api.js: Add getBunkerInfo() function
- pkg/version/version: Bump to v0.41.0

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

app/handle-event.go

@@ -131,6 +131,15 @@ func (l *Listener) HandleEvent(msg []byte) (err error) {
 		return
 	}
 
+	// Check Cashu token kind permissions if a token was provided
+	if l.cashuToken != nil && !l.cashuToken.IsKindPermitted(int(env.E.Kind)) {
+		log.W.F("HandleEvent: rejecting event kind %d - not permitted by Cashu token", env.E.Kind)
+		if err = Ok.Error(l, env, "event kind not permitted by access token"); chk.E(err) {
+			return
+		}
+		return
+	}
+
 	// Handle NIP-43 special events before ACL checks
 	switch env.E.Kind {
 	case nip43.KindJoinRequest: