Fix 8 bugs found in code review

- auth/login.py: guard against missing JSON body (get_json silent=True, empty-string check)
- app.py: replace infinite redirect with 404 for unknown /api/* and /setup/* paths
- tools/jwtdecoder.py: add algorithms list to jwt.decode() for PyJWT 2.x compatibility
- util/setup_routes.py: call reset_pool() after save_config() so pool re-initialises with new DB credentials
- util/logger.py: set ERROR level on error.log handler so it no longer receives INFO/WARNING messages
- LoginForm.jsx: remove dead navigate() call that was immediately overridden by window.location.href
- main.jsx: remove base.css, dark.css, light.css that were already imported in App.jsx (duplicate imports)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/components/LoginForm.jsx

@@ -12,8 +12,6 @@ function LoginForm() {
       const res = await axios.post('/api/login', { username, password });
       localStorage.setItem('token', res.data.token);
       localStorage.setItem('role', res.data.role);
-      navigate('/', { replace: true });
-      // ensure nav + route state reflect the new token immediately
       window.location.href = '/';
     } catch (err) {
       alert('Login fehlgeschlagen');