fix: harden resource limits, path safety, and WASM build (#46)

Security audit follow-up across the workspace:

- webclaw-core: keep the crate WASM-safe. quickjs/rquickjs is now a
  cfg(not(wasm32)) target dependency and the extraction entry point uses
  a direct call on wasm instead of spawning a thread, so it builds and
  runs on wasm32 with or without default features.
- webclaw-core: bound the structured-data scrubber recursion (depth cap)
  so deeply nested attacker JSON-LD / __NEXT_DATA__ cannot exhaust the
  stack.
- webclaw-fetch: stream the response body with a running ceiling so a
  small highly compressed payload cannot inflate to gigabytes in memory;
  redact user:pass@ from proxy URLs before they reach error strings.
- webclaw-cli: contain output filenames inside the chosen directory
  (reject .. / absolute, drop traversal path segments), run --webhook
  URLs through the public-URL SSRF guard, clamp --watch-interval to >=1s,
  and make research slug truncation char-safe.
- webclaw-mcp: char-safe slug truncation (no multibyte slice panic).
- setup.sh / deploy/hetzner.sh: replace eval on read input with
  printf -v, and mask auth key / API token in console output.
- CI: enforce the wasm32 build invariant for webclaw-core.

Tests added for every behavioral change. Bump to 0.6.3 + CHANGELOG.

crates/webclaw-mcp/src/server.rs

@@ -800,7 +800,9 @@ fn slugify(query: &str) -> String {
         .collect::<Vec<_>>()
         .join("-")
         .to_lowercase();
-    if s.len() > 60 { s[..60].to_string() } else { s }
+    // char-safe truncation: byte slicing panics if char 60 lands
+    // mid-codepoint (multibyte queries, e.g. CJK / accented input).
+    s.chars().take(60).collect()
 }
 
 /// Check for a cached research result. Returns the compact response if found.
@@ -856,3 +858,32 @@ fn save_research(dir: &std::path::Path, slug: &str, data: &serde_json::Value) ->
         json_path.to_string_lossy().to_string(),
     )
 }
+
+#[cfg(test)]
+mod tests {
+    use super::slugify;
+
+    #[test]
+    fn slugify_multibyte_query_does_not_panic() {
+        // Byte-slicing s[..60] would panic mid-codepoint on multibyte
+        // alphanumerics; char-safe truncation must not.
+        let q = "日本語のクエリ".repeat(20); // long, 3-byte chars
+        let s = slugify(&q);
+        assert!(
+            s.chars().count() <= 60,
+            "slug too long: {}",
+            s.chars().count()
+        );
+    }
+
+    #[test]
+    fn slugify_ascii_unchanged_under_limit() {
+        assert_eq!(slugify("Hello World Query"), "hello-world-query");
+    }
+
+    #[test]
+    fn slugify_caps_long_ascii_at_60_chars() {
+        let s = slugify(&"word ".repeat(40));
+        assert!(s.len() <= 60);
+    }
+}