fix cdp login flow and ui config persistence

[shmilyty]

This pull request introduces several important improvements to configuration, logging, and robustness for CitationClaw, focusing on better handling of sensitive keys, dynamic configuration reloads, advanced logging controls, and enhanced user experience for browser-based publisher logins. The changes ensure that sensitive credentials are never silently wiped, configuration changes on disk are respected without restarts, and users can control log verbosity for a calmer UI. Additionally, the new publisher login checkpoint features are fully integrated and protected from accidental resets.

Configuration robustness and sensitive data handling:

• Added a field_validator to AppConfig to automatically strip leading/trailing whitespace from all sensitive key/token fields (e.g., openai_api_key, core_api_key) at load/save time, preventing subtle authentication failures due to copy-paste errors. [1] [2]
• Updated the config save logic in main.py to preserve existing sensitive values (API keys, tokens, feature flags) when the UI POST body omits or blanks them, avoiding accidental overwrites from incomplete UI forms.
• Added new configuration fields for advanced PDF download fallback, publisher login checkpoint, and log level control, ensuring they are included in both backend and frontend models to prevent silent loss on config round-trips. [1] [2] [3]

Dynamic configuration reload:

• ConfigManager now auto-reloads config.json if it is modified on disk, so changes take effect without requiring a server restart.

Advanced logging controls:

• Introduced a configurable minimum log level (log_min_level) in both config and LogManager, allowing users to filter out INFO-level "noise" and see only SUCCESS, WARNING, or ERROR messages. [1] [2] [3]
• Improved console and file logging robustness: all output streams are proactively reconfigured to UTF-8 with error replacement (in both __main__.py and log_manager.py), and Unicode errors are gracefully handled to prevent crashes on Windows GBK consoles. [1] [2] [3]
• Added file logging support to LogManager, including log rotation and safe file I/O handling.

Publisher login checkpoint support:

• Added new config options and UI API endpoints for the Phase 2 publisher login checkpoint, including customizable login URLs, wait time, and post-login probes, and ensured their values are protected from accidental UI resets. [1] [2] [3] [4]

These changes collectively make the system more reliable, user-friendly, and maintainable, especially for advanced users and those running the service in production or non-English environments.