secrets tab, drop commute filter, favicon, robust error reports

1. Admin → Geheimnisse sub-tab lets you edit ANTHROPIC_API_KEY +
   BERLIN_WOHNEN_USERNAME/PASSWORD at runtime. Migration v7 adds a
   secrets(key,value,updated_at) table; startup seeds missing keys from
   env (idempotent). web reads secrets DB-first (env fallback) via
   llm._api_key(); alert fetches them from web /internal/secrets on each
   scan, passes them into Scraper(). Rotating creds no longer needs a
   redeploy.
   Masked display: 6 leading + 4 trailing chars, "…" in the middle.
   Blank form fields leave the stored value untouched.

2. Drop the max_morning_commute filter from UI + server + FILTER_KEYS +
   filter summary (the underlying Maps.calculate_score code stays for
   potential future re-enable).

3. /static/didi.webp wired as favicon via <link rel="icon"> in base.html.

4. apply.open_page wraps page.goto in try/except so a failed load still
   produces a "goto.failed" step + screenshot instead of returning an
   empty forensics blob. networkidle + post-submission sleep are also
   made best-effort. The error ZIP export already writes screenshot+HTML
   per step and final_html — with this change every apply run leaves a
   reconstructable trail even when the listing is already offline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

alert/main.py

@@ -71,7 +71,13 @@ class FlatAlerter:
 
     def scan(self):
         logger.info("starting scan")
-        scraper = Scraper()
+        # Pull fresh creds from web each scan so admin edits take effect
+        # without a redeploy.
+        secrets = self.web.fetch_secrets()
+        scraper = Scraper(
+            username=secrets.get("BERLIN_WOHNEN_USERNAME", ""),
+            password=secrets.get("BERLIN_WOHNEN_PASSWORD", ""),
+        )
         if not scraper.login():
             return
         flats_data = scraper.get_flats()