feat: add dedicated Discord settings section to admin page

[hokiepokedad2]

Summary

Closes #115

• Adds a dedicated Discord section to the admin settings page with a proper enable_discord boolean toggle (replacing the raw text input in the "Other" section)
• Adds a read-only Server Configuration sub-section showing masked Discord server config values (Client ID, Client Secret, Bot Token, Guild ID, Admin IDs, Geofence Forum Channel) fetched from a new GET /api/settings/discord-config endpoint
• Secrets (Client Secret, Bot Token) show only the last 4 characters; IDs show first 4 + last 4 characters
• Adds enable_discord to the settings migration category map and boolean keys
• Adds discord_client_secret and discord_bot_token to the sensitive keys filter

Security

• New endpoint is admin-only (returns 403 for non-admins)
• Secrets are masked server-side before transmission — full values never leave the backend
• No write endpoint for server config — values can only be changed via .env + restart
• Sensitive Discord keys added to SensitiveKeys set to prevent accidental exposure via GET /api/settings

Test plan

• Backend builds (0 errors)
• 562 backend tests pass (2 new tests for Discord config endpoint)
• 461 frontend tests pass
• ESLint clean
• Prettier clean
• dotnet format clean
• Verify Discord section renders with toggle and server config on admin settings page
• Verify secrets are properly masked in the UI
• Verify non-admin users cannot access GET /api/settings/discord-config
• Verify section appears even when enable_discord setting doesn't exist in DB yet

[hokiepokedad2]

Code Review — PR #116

Grade: A | Verdict: APPROVED

Metric	Rating
Code Quality	Excellent
Requirements Satisfied	All 7/7
Architecture Fit	Consistent
Risk Level	Low
Test Coverage	Good (2 new tests, 562+461 pass)

---

Requirements Traceability

Requirement (from #115)	Status
Discord out of "Other" section → dedicated section	✅
enable_discord as toggle (not text input)	✅
Match Telegram section pattern	✅
Show Client ID, Client Secret, Bot Token, Guild ID, Admin IDs, Forum Channel	✅ All 6 shown

Security Review

• ✅ Secrets masked server-side (MaskSecret — last 4 chars only for Client Secret & Bot Token)
• ✅ IDs partially masked (MaskValue — first 4 + last 4 chars)
• ✅ Endpoint is admin-only (403 for non-admins, tested)
• ✅ No write endpoint for server config — .env + restart required
• ✅ discord_client_secret and discord_bot_token added to SensitiveKeys filter
• ✅ Full secret values verified absent from serialized response (test assertion)

Code Quality Notes

• Clean hybrid design: editable enable_discord toggle (DB-backed) + read-only server config (IOptions)
• Discord group follows identical SETTING_GROUPS pattern as Telegram
• Server config sub-section is a new UI pattern but cleanly contained
• visibleGroups correctly extended to show Discord even before enable_discord exists in DB
• Masking helpers handle null/empty/short values correctly
• SCSS uses existing CSS variables and responsive breakpoints consistently

Minor Observations (Non-blocking)

1. getDiscordConfig() in ngOnInit has no error callback — acceptable since the section simply won't render on failure, but a console.warn could aid debugging
2. Group identification via string 'Discord' in template — fine for a single case

Test Coverage

• GetDiscordConfigReturnsOkForAdmin — verifies response + secret masking
• GetDiscordConfigReturnsForbidForNonAdmin — verifies access control
• All 562 backend + 461 frontend tests pass, ESLint/Prettier/dotnet-format clean

No critical or major issues found. Clean, well-scoped implementation.