security: harden input validation #5

Open

gilby125 wants to merge 1 commit into fix/lxc-node-assignment-minimal from security/harden-input-validation

gilby125 (Owner) commented Feb 8, 2026

Stacked on PR #4.

Security hardening:

  • Require PROXMOX_HOST and PROXMOX_TOKEN_VALUE instead of using defaults.
  • Add validators for storage, snapshot, disk, mount point, network, and bridge identifiers.
  • Apply validators across backup/snapshot/disk/network operations before building API paths/bodies.
  • Remove unnecessary npm "https" dependency (Node builtin is used).
  • Fix generateSecurePassword() to avoid modulo bias (uses crypto.randomInt).

Notes:

  • Unit test sets required env vars so it doesn't depend on a local .env.
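
The modulo-bias fix named in the description above, as an added example that is not part of the PR or the project's code. The alphabet, the function names and the `%`-based "before" form are assumptions, since the page does not show the original `generateSecurePassword()`.

```javascript
const { randomBytes, randomInt } = require('node:crypto');

// Constructed 62-character alphabet (assumption; the project's charset is not on the page).
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Assumed "before" pattern: reduce a random byte with %. Biased unless 256 % n === 0.
function biasedPassword(length, alphabet = ALPHABET) {
  return Array.from(randomBytes(length), (b) => alphabet[b % alphabet.length]).join('');
}

// Exact bias of `byte % n`: count how many of the 256 byte values land on each index.
function moduloBias(n) {
  const hits = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) hits[b % n]++;
  const max = Math.max(...hits);
  const min = Math.min(...hits);
  // favoured = number of indices that are over-represented (0 when uniform).
  return { favoured: min === max ? 0 : hits.filter((h) => h === max).length, max, min };
}

// Hardened form: crypto.randomInt(max) returns a uniform integer in [0, max).
function securePassword(length, alphabet = ALPHABET) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  // Repeated characters would skew the output even with a uniform index.
  if (alphabet.length < 2 || new Set(alphabet).size !== alphabet.length) {
    throw new RangeError('alphabet needs at least 2 distinct characters, no repeats');
  }
  let out = '';
  for (let i = 0; i < length; i++) out += alphabet[randomInt(alphabet.length)];
  return out;
}

// With 62 symbols, 256 = 4 * 62 + 8, so the first 8 symbols get 5 byte values each
// and the remaining 54 get 4: those 8 characters are 25% more likely per position.
console.log(moduloBias(ALPHABET.length), securePassword(24));
```

An alphabet whose length divides 256 (for example 64 symbols) shows no bias under `%`, which is why the defect is easy to miss when the charset is changed later.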


coderabbitai bot commented Feb 8, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
