- Constant-time HMAC comparison (prevents timing side-channel)
- Add timestamp to HMAC scheme for replay protection (30s window)
  New format: HMAC:<16hex>:<uptime_s>:<cmd>
- Validate HOSTNAME against [a-z0-9-] to prevent UDP stream injection
- Sanitize probe request SSIDs (strip non-printable chars and commas)
- Redact HMAC token from serial log output
- NVS write throttle: max 20 writes per 10s to prevent flash wear
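
A reference model of the timestamped command check listed above, added here as an example and not code from this commit. Assumptions: the tag is HMAC-SHA256 over `<uptime_s>:<cmd>` truncated to 16 lowercase hex characters, the 30 s window is applied to the absolute difference from the receiver's uptime, and all function names, the key and the command strings are constructed for illustration.

```python
import hashlib
import hmac
import re

WINDOW_S = 30                           # replay window from the commit message
TAG_RE = re.compile(r"[0-9a-f]{16}")    # <16hex> field (lowercase is an assumption)
TS_RE = re.compile(r"[0-9]{1,10}")      # <uptime_s> field, decimal seconds

def make_tag(key: bytes, uptime_s: int, cmd: str) -> str:
    # Assumption: the MAC covers timestamp and command, so neither can be swapped.
    mac = hmac.new(key, f"{uptime_s}:{cmd}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def build(key: bytes, uptime_s: int, cmd: str) -> str:
    """Sender side: produce HMAC:<16hex>:<uptime_s>:<cmd>."""
    return f"HMAC:{make_tag(key, uptime_s, cmd)}:{uptime_s}:{cmd}"

def verify(key: bytes, msg: str, now_s: int):
    """Receiver side: return cmd if msg is authentic and fresh, else None."""
    parts = msg.split(":", 3)           # maxsplit=3 so cmd may contain ':'
    if len(parts) != 4 or parts[0] != "HMAC":
        return None
    _, tag, ts, cmd = parts
    if not TAG_RE.fullmatch(tag) or not TS_RE.fullmatch(ts):
        return None
    uptime_s = int(ts)
    expected = make_tag(key, uptime_s, cmd)
    # compare_digest does not stop at the first mismatching character,
    # so timing does not reveal how much of a guessed tag was correct.
    authentic = hmac.compare_digest(expected, tag)
    fresh = abs(now_s - uptime_s) <= WINDOW_S
    return cmd if (authentic and fresh) else None

def redact(msg: str) -> str:
    """Log-safe form of a message: the tag is replaced before printing."""
    return re.sub(r"^HMAC:[0-9a-f]{16}:", "HMAC:<redacted>:", msg)

if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed sample key
    msg = build(key, 1000, "STOP")      # constructed sample command
    print(redact(msg), "->", verify(key, msg, 1010))
    print("replayed at t=1031 ->", verify(key, msg, 1031))
```

A captured message stays acceptable until the window closes, so the timestamp bounds replay rather than eliminating it.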