v2.20.2: audit round 3
Tightened the web-push endpoint allowlist to exact push-service hosts and stopped forwarding raw exception text into the assistant's context. This release accompanies a live-verification pass confirming rate-limit spoofing is defeated, auth rejects bad tokens, database rules are deny-all, and the share pages resist injection.