fix(web_server): propagate --insecure flag to WebSocket security checks

[pranvgarg]

Problem

When the dashboard is bound to a non-loopback address using --insecure (e.g. a Tailscale IP like 100.116.24.10), all WebSocket connections to /api/pty, /api/ws, /api/pub, and /api/events fail with 403 Forbidden.

HTTP endpoints work fine. Only WebSockets are broken.

Root cause

start_server() accepts allow_public: bool (set when --insecure is passed) and uses it to skip the startup SystemExit guard — but never writes it to app.state:

# before
app.state.bound_host = host
app.state.bound_port = port
# app.state.insecure  ← never set

Every getattr(app.state, "insecure", False) call in the security guards always evaluates to False, making --insecure a no-op for WebSocket connections.

Specifically, _ws_client_is_allowed() checks the peer IP against _LOOPBACK_HOSTS. When the server is bound to a non-loopback address, the connecting client also has a non-loopback IP — so the check always fails and the WebSocket is rejected.

Fix

• Set app.state.insecure = allow_public in start_server() so the flag is visible to all handlers at runtime.
• Add the insecure short-circuit to _ws_client_is_allowed() and _ws_host_origin_is_allowed(), consistent with the existing (but unreachable) guard already present in host_header_middleware.
• Correct host_header_middleware's insecure branch to return await call_next(request) instead of bare True — returning a non-Response from an ASGI middleware causes a runtime TypeError.

Verification

Tested with hermes dashboard --host <tailscale-ip> --insecure. Before this fix, /api/events and /api/pty both returned 403. After this fix, both WebSocket connections complete the handshake and the dashboard chat tab works correctly.

[pranvgarg]

Closing to revise — will reopen with a cleaner version.