fix(portal): pre-merge security hardening from code review

- PORTAL_OPEN_LINKS now defaults OFF — /portal/open/* is an unauthenticated,
  proxy-reachable session-minting path (and a linked project's open link grants
  the whole client's scope), so it must be explicitly enabled in dev.
- Session cookie: enforce server-side expiry (check iat vs COOKIE_MAX_AGE — was
  browser-only) and guard a non-dict signed body (was an uncaught AttributeError →
  500, reachable if SECRET_KEY is the insecure default).
- Escape operator-set strings (location/rule/event names) before innerHTML +
  Leaflet tooltips — they're client-facing, so a name with markup was stored XSS
  in the client's browser. Global esc() helper applied at every injection point.
- WS _scrub_frame drops a non-JSON frame instead of forwarding it raw; /history
  rows now whitelisted like the other scoped endpoints.
- Preview-client slug uses the full project id (an 8-char prefix could collide
  two projects onto one client).

Verified: cookie reader (fresh/expired/non-dict/missing-iat) + open-links default
off; templates parse; scoped scrubbing intact.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

templates/portal/base.html

@@ -179,6 +179,8 @@
     <script>
         // Theme toggle. Pages can listen for 'portal-theme' to re-skin canvases/maps.
         function cssVar(n) { return getComputedStyle(document.documentElement).getPropertyValue(n).trim(); }
+        // HTML-escape operator-set strings (location/rule names) before innerHTML/tooltip injection.
+        function esc(s) { return String(s == null ? '' : s).replace(/[&<>"']/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c])); }
         function togglePortalTheme() {
             const cur = document.documentElement.getAttribute('data-theme') === 'light' ? 'light' : 'dark';
             const next = cur === 'light' ? 'dark' : 'light';