Merge feature/add_skin into master: resolve all conflicts

- GameGlobal.js: keep upstream SERVER_URL with /ws suffix
- en.js/zh.js: merge both settings.nickname and settings.profile keys
- SettingsScene.js: keep both nickname row and profile button
- server/index.js: merge express app + content security proxy with
  noServer WebSocket mode and path validation
- Add .gitignore for node_modules and .codebuddy

deploy/content-security/networkpolicy.yaml

@@ -0,0 +1,40 @@
+# ============================================================
+# NetworkPolicy: content-security-policy
+# Restrict access to content security service:
+# - Only allow ingress from game namespaces (tankwar, etc.)
+# - Allow egress to WeChat APIs and DNS
+# ============================================================
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: content-security-ingress-policy
+  namespace: content-security
+spec:
+  podSelector:
+    matchLabels:
+      app: content-security-service
+  policyTypes:
+    - Ingress
+  ingress:
+    # Allow from tankwar namespace
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: tankwar
+      ports:
+        - protocol: TCP
+          port: 3000
+    # Allow from any namespace with the game-client label
+    - from:
+        - podSelector:
+            matchLabels:
+              content-security-client: "true"
+      ports:
+        - protocol: TCP
+          port: 3000
+    # Allow health checks from within same namespace
+    - from:
+        - podSelector: {}
+      ports:
+        - protocol: TCP
+          port: 3000