secrets tab, drop commute filter, favicon, robust error reports

1. Admin → Geheimnisse sub-tab lets you edit ANTHROPIC_API_KEY +
   BERLIN_WOHNEN_USERNAME/PASSWORD at runtime. Migration v7 adds a
   secrets(key,value,updated_at) table; startup seeds missing keys from
   env (idempotent). web reads secrets DB-first (env fallback) via
   llm._api_key(); alert fetches them from web /internal/secrets on each
   scan, passes them into Scraper(). Rotating creds no longer needs a
   redeploy.
   Masked display: 6 leading + 4 trailing chars, "…" in the middle.
   Blank form fields leave the stored value untouched.

2. Drop the max_morning_commute filter from UI + server + FILTER_KEYS +
   filter summary (the underlying Maps.calculate_score code stays for
   potential future re-enable).

3. /static/didi.webp wired as favicon via <link rel="icon"> in base.html.

4. apply.open_page wraps page.goto in try/except so a failed load still
   produces a "goto.failed" step + screenshot instead of returning an
   empty forensics blob. networkidle + post-submission sleep are also
   made best-effort. The error ZIP export already writes screenshot+HTML
   per step and final_html — with this change every apply run leaves a
   reconstructable trail even when the listing is already offline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

alert/web_client.py

@@ -37,3 +37,18 @@ class WebClient:
             )
         except requests.RequestException:
             pass
+
+    def fetch_secrets(self) -> dict:
+        """Pull the current runtime secrets dict from web. Empty on failure
+        — caller falls back to env values."""
+        try:
+            r = requests.get(
+                f"{self.base_url}/internal/secrets",
+                headers=self.headers,
+                timeout=5,
+            )
+            if r.ok:
+                return r.json() or {}
+        except requests.RequestException as e:
+            logger.warning(f"secrets fetch failed: {e}")
+        return {}