fix: resolve OpenAPI spec validation errors for token restrictions

Replace .allow(false).default(false) with .empty(Joi.valid('', false))
.allow(null).default(null) on token restriction schemas (referrers,
addresses, rateLimit). The false sentinel produced invalid OpenAPI:
type "array" with default: false and enum: [false].

Using .empty() converts false inputs to undefined (then defaulted to
null), maintaining backward compatibility for API consumers that send
false to clear restrictions. Runtime code uses truthiness checks so
null behaves identically to false.

Also replace notifyFrom .default('now') with .default(null) since
'now' is not a valid date-time value. The runtime already treats any
falsy notifyFrom as "use current time".

These changes eliminate all 5 OpenAPI validation errors, allowing SDK
generation without --skip-validate-spec.

Author: andris9

lib/api-routes/account-routes.js

@@ -195,7 +195,7 @@ async function init(args) {
 
                     logs: Joi.boolean().example(false).description('Store recent logs').default(false),
 
-                    notifyFrom: accountSchemas.notifyFrom.default('now'),
+                    notifyFrom: accountSchemas.notifyFrom.default(null),
                     syncFrom: accountSchemas.syncFrom.default(null),
 
                     proxy: settingsSchema.proxyUrl,
@@ -630,7 +630,7 @@ async function init(args) {
 
                 payload: Joi.object({
                     flush: Joi.boolean().truthy('Y', 'true', '1').falsy('N', 'false', 0).default(false).description('Only flush the account if true'),
-                    notifyFrom: accountSchemas.notifyFrom.default('now'),
+                    notifyFrom: accountSchemas.notifyFrom.default(null),
                     imapIndexer: accountSchemas.imapIndexer,
                     syncFrom: accountSchemas.syncFrom
                 }).label('RequestFlush')

lib/schemas.js

@@ -1489,10 +1489,10 @@ const oauthCreateSchema = {
 const tokenRestrictionsSchema = Joi.object({
     referrers: Joi.array()
         .items(Joi.string())
-        .empty('')
+        .empty(Joi.valid('', false))
         .single()
-        .allow(false)
-        .default(false)
+        .allow(null)
+        .default(null)
         .example(['*web.domain.org/*', '*.domain.org/*', 'https://domain.org/*'])
         .label('ReferrerAllowlist')
         .description('HTTP referrer patterns that are allowed to use this token (wildcards supported)'),
@@ -1503,25 +1503,26 @@ const tokenRestrictionsSchema = Joi.object({
                 cidr: 'optional'
             })
         )
-        .empty('')
+        .empty(Joi.valid('', false))
         .single()
-        .allow(false)
-        .default(false)
+        .allow(null)
+        .default(null)
         .example(['1.2.3.4', '5.6.7.8', '127.0.0.0/8'])
         .label('AddressAllowlist')
         .description('IP addresses or CIDR ranges allowed to use this token'),
     rateLimit: Joi.object({
         maxRequests: Joi.number().integer().min(1).example(20).description('Maximum requests allowed in the time window'),
         timeWindow: Joi.number().integer().min(1).example(2).description('Time window duration in seconds')
     })
-        .allow(false)
-        .default(false)
+        .empty(Joi.valid('', false))
+        .allow(null)
+        .default(null)
         .example({ maxRequests: 20, timeWindow: 2 })
         .label('AddressRateLimit')
         .description('Rate limiting configuration for this token')
 })
-    .empty('')
-    .allow(false)
+    .empty(Joi.valid('', false))
+    .allow(null)
     .label('TokenRestrictions')
     .description('Security restrictions for API token usage');