Add rootless Podman fixes, and others

improve container startup for rootless Podman, plus related refactors and tests. Key changes:

- Add/modify Audiobookshelf-related code and wiring (src/lib/services/audiobookshelf/api.ts, library service refs) and update documentation TABLEOFCONTENTS to reference ABS implementation.
- Detect user namespace in docker/unified app-start.sh and redis-start.sh and skip gosu when running in rootless Podman to preserve UID mapping; improve startup logging and verification.
- Add utility/service files (auth-token-cache.service.ts, credential-migration.service.ts, cleanup-helpers.ts) and corresponding tests; update chapter-merger and metadata-tagger utilities/tests.
- Update many admin/auth API routes and tests to reflect changes in settings and integrations.
- Remove large AI agent and Audiobookshelf implementation guide docs (AGENTS.md and the implementation guide) and add README note about AI-assisted workflow.

These changes enable Audiobookshelf backend mode, improve compatibility with rootless container runtimes, and include cleanup/refactor work and unit tests.

src/app/api/setup/complete/route.ts

@@ -193,10 +193,11 @@ export async function POST(request: NextRequest) {
         create: { key: 'plex_url', value: plex.url },
       });
 
+      const encryptedPlexToken = encryptionService.encrypt(plex.token);
       await prisma.configuration.upsert({
         where: { key: 'plex_token' },
-        update: { value: plex.token },
-        create: { key: 'plex_token', value: plex.token },
+        update: { value: encryptedPlexToken, encrypted: true },
+        create: { key: 'plex_token', value: encryptedPlexToken, encrypted: true },
       });
 
       await prisma.configuration.upsert({
@@ -375,10 +376,11 @@ export async function POST(request: NextRequest) {
       create: { key: 'prowlarr_url', value: prowlarr.url },
     });
 
+    const encryptedProwlarrApiKey = encryptionService.encrypt(prowlarr.api_key);
     await prisma.configuration.upsert({
       where: { key: 'prowlarr_api_key' },
-      update: { value: prowlarr.api_key },
-      create: { key: 'prowlarr_api_key', value: prowlarr.api_key },
+      update: { value: encryptedProwlarrApiKey, encrypted: true },
+      create: { key: 'prowlarr_api_key', value: encryptedProwlarrApiKey, encrypted: true },
     });
 
     await prisma.configuration.upsert({
@@ -414,10 +416,16 @@ export async function POST(request: NextRequest) {
       throw new Error('Invalid download client configuration');
     }
 
+    // Encrypt passwords in download clients
+    const encryptedClients = downloadClientsArray.map(client => ({
+      ...client,
+      password: client.password ? encryptionService.encrypt(client.password) : '',
+    }));
+
     await prisma.configuration.upsert({
       where: { key: 'download_clients' },
-      update: { value: JSON.stringify(downloadClientsArray) },
-      create: { key: 'download_clients', value: JSON.stringify(downloadClientsArray) },
+      update: { value: JSON.stringify(encryptedClients) },
+      create: { key: 'download_clients', value: JSON.stringify(encryptedClients) },
     });
 
     // Path configuration