Security, code quality and frontend improvements

- Move SECRET_KEY out of docker-compose into .env (env_file), add .env.example
- Add flask-limiter with 10 req/min on login route; introduce util/limiter.py
- Replace direct mysql.connector.connect() calls with MySQLConnectionPool via util/db_pool.py
- Fix deprecated datetime.utcnow() -> datetime.now(timezone.utc) in auth/login.py
- Remove dead /api/scripts 410 route from admin.py
- Add MD5 security warning in Md5Tool.jsx
- Add ErrorBoundary component and wrap App.jsx
- Expand README with setup guide, screenshot and project structure

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/util/db_pool.py

@@ -0,0 +1,26 @@
+import mysql.connector.pooling
+from util.logger import logger
+
+_pool = None
+
+
+def get_connection():
+    global _pool
+    if _pool is None:
+        from util.db_config import load_config
+        config = load_config()
+        if not config:
+            raise RuntimeError("DB-Konfiguration nicht verfügbar")
+        _pool = mysql.connector.pooling.MySQLConnectionPool(
+            pool_name="tools_pool",
+            pool_size=5,
+            **config
+        )
+        logger.info("DB-Verbindungspool erstellt (pool_size=5)")
+    return _pool.get_connection()
+
+
+def reset_pool():
+    """Pool zurücksetzen – nach Konfigurationsänderung aufrufen."""
+    global _pool
+    _pool = None

backend/util/limiter.py

@@ -0,0 +1,4 @@
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
+
+limiter = Limiter(key_func=get_remote_address)