refactor: enhance security and performance in configuration and API routes

- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.

app/api/analytics/reset/route.ts

@@ -22,12 +22,9 @@ export async function POST(request: NextRequest) {
 
     // Check admin authentication
     const isAdminRequest = request.headers.get('x-admin-request') === 'true';
-    if (!isAdminRequest) {
-      const authError = requireSessionAuth(request);
-      if (authError) {
-        return authError;
-      }
-    }
+    if (!isAdminRequest) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+    const authError = requireSessionAuth(request);
+    if (authError) return authError;
 
     const { type } = await request.json();