fix bugs, harden server, strip-based dithering, update docs

Firmware:
- fix 90° rotation (was transpose)
- fix Adafruit_Thermal constructor (spurious DTR pin arg)
- wire up uploadImage; heatInterval now applied
- PSRAM-free strip dithering: 2-row buffers (~1KB) replace 153KB PSRAM alloc
- consolidate all pins into config.h; BUTTON_PIN → Config::PIN_BUTTON
- constrain contrast/brightness/heat in settings save handler
- uploadImage size param int → size_t

Server:
- canonicalize upload_dir at startup (fixes path traversal guard)
- path traversal guard in serve_image
- replace unwrap in gallery_data with error handling
- IMAGE_WIDTH/IMAGE_HEIGHT named constants

Gallery:
- innerHTML → createElement (XSS-safe)
- encodeURIComponent on image URLs
- replace("_"," ") → regex /_/g

Docs: rewrite README, clarify GUEST_MANUAL placeholders

GUEST_MANUAL.md

@@ -6,11 +6,11 @@ Snap a photo, get a receipt, and view the digital archive instantly.
 
 ### How to use
 
-1.  **Frame your shot.** (The lens is slightly wide-angle!)
-2.  **Press the Button.**
-3.  **Wait ~5 seconds.**
-    - **Print:** Collect your physical photo.
-    - **Upload:** The photo is magically sent to the gallery.
+1. **Frame your shot.** (Wide-angle lens — back up a little!)
+2. **Press the button.**
+3. **Wait ~5 seconds.**
+   - A thermal print comes out of the printer.
+   - The photo is uploaded to the live gallery.
 
 ---
 
@@ -18,11 +18,12 @@ Snap a photo, get a receipt, and view the digital archive instantly.
 
 Want to save the photo to your phone?
 
-1.  Connect to the WiFi: **[Your_WiFi_Name]**
-2.  Scan this code or go to:
-    **http://[YOUR_LAPTOP_IP]:3000/gallery**
-3.  Password: **partytime**
+1. Connect to the WiFi: **[FILL IN: venue WiFi name]**
+2. Go to: **http://[FILL IN: server IP]:3000/gallery**
+3. Password: **[FILL IN: gallery password]**
 
 _(Ask the host if you can't connect!)_
 
 ---
+
+> **Host checklist before printing this:** fill in the three `[FILL IN]` fields above.