Public server: separate in/out IP quotas, web dashboard scaffold, test intervals

3 agents worked in parallel:

1. DB schema (user_db.rs):
   - ip_usage: inbound_bytes/outbound_bytes columns (renamed from tx/rx)
   - test_intervals table for per-second graphing data
   - Directional methods: get_ip_daily_inbound/outbound, record_ip_inbound/outbound
   - Query methods: get_session_intervals, get_ip_sessions, get_ip_stats
   - New structs: IntervalData, SessionSummary, IpStats

2. Quota (quota.rs):
   - Direction enum (Inbound/Outbound/Both)
   - 6 new directional IP limits (daily/weekly/monthly × in/out)
   - check_ip() now takes direction parameter
   - record_usage() takes (inbound_bytes, outbound_bytes)

3. Web dashboard (web/):
   - Stub router with axum (will be expanded)
   - Templates: index.html + dashboard.html with Chart.js
   - Dependencies: axum, tower-http, serde, serde_json, askama (optional, pro feature)

CLI additions:
  --ip-daily-in, --ip-daily-out, --web-port, --shared-password

64 tests, all passing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/server_pro/server_loop.rs

@@ -15,7 +15,7 @@ use btest_rs::protocol::*;
 use btest_rs::bandwidth::BandwidthState;
 
 use super::enforcer::{QuotaEnforcer, StopReason};
-use super::quota::QuotaManager;
+use super::quota::{Direction, QuotaManager};
 use super::user_db::UserDb;
 
 /// Run the pro server with quota enforcement.
@@ -70,7 +70,7 @@ pub async fn run_pro_server(
         tracing::info!("New connection from {}", peer);
 
         // Pre-connection IP check
-        if let Err(e) = quota_mgr.check_ip(&peer.ip()) {
+        if let Err(e) = quota_mgr.check_ip(&peer.ip(), Direction::Both) {
             tracing::warn!("Rejected {} — {}", peer, e);
             btest_rs::syslog_logger::auth_failure(
                 &peer.to_string(), "-", "-", &format!("{}", e),