FIX: Resolve critical reverse proxy security vulnerability and complete i18n implementation

Security Fixes:
- Configure Express trust proxy to properly detect client IPs behind nginx reverse proxy
- Remove deprecated isLocalhost() function that was vulnerable to IP spoofing
- Ensure /ssh/db/host/internal endpoint uses secure token-based authentication only

Internationalization Improvements:
- Replace hardcoded English strings with proper i18n keys in admin settings
- Complete SSH configuration documentation translation (sshpass, server config)
- Add missing translation keys for Debian/Ubuntu, macOS, Windows installation methods
- Fix Chinese translation key mismatches for SSH server configuration options

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/locales/zh/translation.json

@@ -592,11 +592,21 @@
     "maxRetriesDescription": "隧道连接的最大重试次数。",
     "retryIntervalDescription": "重试尝试之间的等待时间。",
     "otherInstallMethods": "其他安装方法：",
+    "debianUbuntuEquivalent": "(Debian/Ubuntu) 或您的操作系统的等效命令。",
+    "or": "或",
+    "centosRhelFedora": "CentOS/RHEL/Fedora",
+    "macos": "macOS",
+    "windows": "Windows",
     "sshpassOSInstructions": {
       "centos": "CentOS/RHEL/Fedora: sudo yum install sshpass 或 sudo dnf install sshpass",
       "macos": "macOS: brew install hudochenkov/sshpass/sshpass",
       "windows": "Windows: 使用 WSL 或考虑使用 SSH 密钥认证"
     },
+    "sshServerConfigRequired": "SSH 服务器配置要求",
+    "sshServerConfigDesc": "对于隧道连接，SSH 服务器必须配置允许端口转发：",
+    "gatewayPortsYes": "绑定远程端口到所有接口",
+    "allowTcpForwardingYes": "启用端口转发",
+    "permitRootLoginYes": "如果使用 root 用户进行隧道连接",
     "sshServerConfigReverse": "对于反向 SSH 隧道，端点 SSH 服务器必须允许：",
     "gatewayPorts": "GatewayPorts yes（绑定远程端口）",
     "allowTcpForwarding": "AllowTcpForwarding yes（端口转发）",